The http-method element contains the name of web resource collection's HTTP
method
Result result = getInitializedResult();
ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
if (descriptor.getSecurityConstraints().hasMoreElements()) {
boolean oneFailed = false;
boolean foundIt = false;
int na = 0;
int noSc = 0;
int naWRC = 0;
int noWRC = 0;
// get the http method's in this .war
for (Enumeration e = descriptor.getSecurityConstraints() ; e.hasMoreElements() ;) {
foundIt = false;
noSc++;
SecurityConstraintImpl securityConstraintImpl = (SecurityConstraintImpl) e.nextElement();
if (securityConstraintImpl.getWebResourceCollections().hasMoreElements()) {
for (Enumeration ee = securityConstraintImpl.getWebResourceCollections(); ee.hasMoreElements();) {
noWRC++;
WebResourceCollectionImpl webResourceCollection = (WebResourceCollectionImpl) ee.nextElement();
if (webResourceCollection.getHttpMethods().hasMoreElements()) {
for (Enumeration eee = webResourceCollection.getHttpMethods(); eee.hasMoreElements();) {
String webRCHTTPMethod = (String) eee.nextElement();
// valid methods are the following
if ((webRCHTTPMethod.equals("OPTIONS")) ||
(webRCHTTPMethod.equals("GET")) ||
(webRCHTTPMethod.equals("HEAD")) ||
(webRCHTTPMethod.equals("POST")) ||
(webRCHTTPMethod.equals("PUT")) ||
(webRCHTTPMethod.equals("DELETE")) ||
(webRCHTTPMethod.equals("TRACE")) ||
(webRCHTTPMethod.equals("CONNECT"))) {
foundIt = true;
} else {
foundIt = false;
}
if (foundIt) {
result.addGoodDetails(smh.getLocalString
("tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.addGoodDetails(smh.getLocalString
(getClass().getName() + ".passed",
"http-method [ {0} ] is valid HTTP method name within web resource collection [ {1} ] in web application [ {2} ]",
new Object[] {webRCHTTPMethod, webResourceCollection.getName(), descriptor.getName()}));
} else {
if (!oneFailed) {
oneFailed = true;
}
result.addErrorDetails(smh.getLocalString
("tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.addErrorDetails(smh.getLocalString
(getClass().getName() + ".failed",
"Error: http-method [ {0} ] is not valid HTTP method name within web resource collection [ {1} ] in web application [ {2} ]",
new Object[] {webRCHTTPMethod, webResourceCollection.getName(), descriptor.getName()}));
}
}
} else {
result.addNaDetails(smh.getLocalString
("tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.notApplicable(smh.getLocalString
(getClass().getName() + ".notApplicable1",
"There are no web http-methods in the web resource collection [ {0} ] within [ {1} ]",
new Object[] {webResourceCollection.getName(), descriptor.getName()}));
naWRC++;
}
}
} else {
result.addNaDetails(smh.getLocalString
("tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.notApplicable(smh.getLocalString
(getClass().getName() + ".notApplicable2",
"There are no web web resource collections in the web security constraint within [ {0} ]",
new Object[] {descriptor.getName()})); na++;
}
}
if (oneFailed) {
result.setStatus(Result.FAILED);
} else if ((na == noSc) || (naWRC == noWRC)) {
result.setStatus(Result.NOT_APPLICABLE);
} else {
result.setStatus(Result.PASSED);
}
} else {
result.addNaDetails(smh.getLocalString
("tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.notApplicable(smh.getLocalString
(getClass().getName() + ".notApplicable",
"There are no http-method elements within the web archive [ {0} ]",
new Object[] {descriptor.getName()}));
}
return result;
