org.apache.camel.component.netty.http.SecurityConstraintMapping Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.camel.component.netty.http;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.camel.support.PatternHelper;
/**
* A default {@link SecurityConstraint} which can be used to define a set of mappings to as constraints.
*
* This constraint will match as true if no inclusions has been defined. First all the inclusions is check for
* matching. If a inclusion matches, then the exclusion is checked, and if any of them matches, then the exclusion will
* override the match and force returning false.
*
* Wildcards and regular expressions is supported as this implementation uses
* {@link PatternHelper#matchPattern(String, String)} method for matching.
*
* This restricted constraint allows you to setup context path rules that will restrict access to paths, and then
* override and have exclusions that may allow access to public paths.
*/
public class SecurityConstraintMapping implements SecurityConstraint {
// url -> roles
private Map inclusions;
// url
private Set exclusions;
@Override
public String restricted(String url) {
// check excluded first
if (excludedUrl(url)) {
return null;
}
// is the url restricted?
String constraint = includedUrl(url);
if (constraint == null) {
return null;
}
// is there any roles for the restricted url?
String roles = inclusions != null ? inclusions.get(constraint) : null;
if (roles == null) {
// use wildcard to indicate any role is accepted
return "*";
} else {
return roles;
}
}
private String includedUrl(String url) {
String candidate = null;
if (inclusions != null && !inclusions.isEmpty()) {
for (String constraint : inclusions.keySet()) {
if (PatternHelper.matchPattern(url, constraint)) {
if (candidate == null) {
candidate = constraint;
} else if (constraint.length() > candidate.length()) {
// we want the constraint that has the longest context-path matching as its
// the most explicit for the target url
candidate = constraint;
}
}
}
return candidate;
}
// by default if no included has been configured then everything is restricted
return "*";
}
private boolean excludedUrl(String url) {
if (exclusions != null && !exclusions.isEmpty()) {
for (String constraint : exclusions) {
if (PatternHelper.matchPattern(url, constraint)) {
// force not matches if this was an exclusion
return true;
}
}
}
return false;
}
public void addInclusion(String constraint) {
if (inclusions == null) {
inclusions = new java.util.LinkedHashMap<>();
}
inclusions.put(constraint, null);
}
public void addInclusion(String constraint, String roles) {
if (inclusions == null) {
inclusions = new java.util.LinkedHashMap<>();
}
inclusions.put(constraint, roles);
}
public void addExclusion(String constraint) {
if (exclusions == null) {
exclusions = new LinkedHashSet<>();
}
exclusions.add(constraint);
}
public void setInclusions(Map inclusions) {
this.inclusions = inclusions;
}
public void setExclusions(Set exclusions) {
this.exclusions = exclusions;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy