All Downloads are FREE. Search and download functionalities are using the official Maven repository.

javax.servlet.ServletSecurityElement Maven / Gradle / Ivy

The newest version!
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package javax.servlet;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;

/**
 * The programmatic equivalent of
 * {@link ServletSecurity} used to configre
 * security constraints for a Servlet.
 *
 * @since Servlet 3.0
 */
public class ServletSecurityElement extends HttpConstraintElement {

    private final Map methodConstraints =
        new HashMap<>();

    /**
     * Use default HttpConstraint.
     */
    public ServletSecurityElement() {
        super();
    }

    /**
     * Use specified HttpConstraintElement.
     * @param httpConstraintElement The constraint
     */
    public ServletSecurityElement(HttpConstraintElement httpConstraintElement) {
        this (httpConstraintElement, null);
    }

    /**
     * Use specific constraints for specified methods and default
     * HttpConstraintElement for all other methods.
     * @param httpMethodConstraints Method constraints
     * @throws IllegalArgumentException if a method name is specified more than
     * once
     */
    public ServletSecurityElement(
            Collection httpMethodConstraints) {
        super();
        addHttpMethodConstraints(httpMethodConstraints);
    }


    /**
     * Use specified HttpConstraintElement as default and specific constraints
     * for specified methods.
     * @param httpConstraintElement Default constraint
     * @param httpMethodConstraints Method constraints
     * @throws IllegalArgumentException if a method name is specified more than
     * once
     */
    public ServletSecurityElement(HttpConstraintElement httpConstraintElement,
            Collection httpMethodConstraints) {
        super(httpConstraintElement.getEmptyRoleSemantic(),
                httpConstraintElement.getTransportGuarantee(),
                httpConstraintElement.getRolesAllowed());
        addHttpMethodConstraints(httpMethodConstraints);
    }

    /**
     * Create from an annotation.
     * @param annotation Annotation to use as the basis for the new instance
     * @throws IllegalArgumentException if a method name is specified more than
     * once
     */
    public ServletSecurityElement(ServletSecurity annotation) {
        this(new HttpConstraintElement(annotation.value().value(),
                annotation.value().transportGuarantee(),
                annotation.value().rolesAllowed()));

        List l = new ArrayList<>();
        HttpMethodConstraint[] constraints = annotation.httpMethodConstraints();
        if (constraints != null) {
            for (HttpMethodConstraint constraint : constraints) {
                HttpMethodConstraintElement e =
                        new HttpMethodConstraintElement(constraint.value(),
                                new HttpConstraintElement(
                                        constraint.emptyRoleSemantic(),
                                        constraint.transportGuarantee(),
                                        constraint.rolesAllowed()));
                l.add(e);
            }
        }
        addHttpMethodConstraints(l);
    }

    /**
     * Obtain the collection of security constraints configured for specific
     * methods.
     *
     * @return The security constraints for specific methods
     */
    public Collection getHttpMethodConstraints() {
        Collection result = new HashSet<>(methodConstraints.values());
        return result;
    }

    /**
     * Obtain the collection HTTP methods for which security constraints have
     * been defined.
     *
     * @return The names of the HTTP methods
     */
    public Collection getMethodNames() {
        Collection result = new HashSet<>(methodConstraints.keySet());
        return result;
    }

    private void addHttpMethodConstraints(
            Collection httpMethodConstraints) {
        if (httpMethodConstraints == null) {
            return;
        }
        for (HttpMethodConstraintElement constraint : httpMethodConstraints) {
            String method = constraint.getMethodName();
            if (methodConstraints.containsKey(method)) {
                throw new IllegalArgumentException(
                        "Duplicate method name: " + method);
            }
            methodConstraints.put(method, constraint);
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy