下面列出了怎么用javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic的API类实例代码及写法,或者点击链接到github查看源代码。
@RequestMapping ( value = "/{userId}/view", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView viewUser ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request )
{
final boolean you = isYou ( userId, request );
if ( !you && !request.isUserInRole ( "ADMIN" ) )
{
return CommonController.createAccessDenied ();
}
final DatabaseUserInformation user = this.storage.getUserDetails ( userId );
if ( user == null || user.getDetails ( DatabaseDetails.class ) == null )
{
return CommonController.createNotFound ( "user", userId );
}
final ModelAndView model = new ModelAndView ( "user/view" );
model.put ( "user", user );
model.put ( "you", you );
return model;
}
private static SecurityConstraint createConstraint(
HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {
SecurityConstraint constraint = new SecurityConstraint();
SecurityCollection collection = new SecurityCollection();
boolean create = alwaysCreate;
if (element.getTransportGuarantee() !=
ServletSecurity.TransportGuarantee.NONE) {
constraint.setUserConstraint(element.getTransportGuarantee().name());
create = true;
}
if (element.getRolesAllowed().length > 0) {
String[] roles = element.getRolesAllowed();
for (String role : roles) {
constraint.addAuthRole(role);
}
create = true;
}
if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
constraint.setAuthConstraint(true);
create = true;
}
if (create) {
collection.addPattern(urlPattern);
constraint.addCollection(collection);
return constraint;
}
return null;
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
private static SecurityConstraint createConstraint(
HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {
SecurityConstraint constraint = new SecurityConstraint();
SecurityCollection collection = new SecurityCollection();
boolean create = alwaysCreate;
if (element.getTransportGuarantee() !=
ServletSecurity.TransportGuarantee.NONE) {
constraint.setUserConstraint(element.getTransportGuarantee().name());
create = true;
}
if (element.getRolesAllowed().length > 0) {
String[] roles = element.getRolesAllowed();
for (String role : roles) {
constraint.addAuthRole(role);
}
create = true;
}
if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
constraint.setAuthConstraint(true);
create = true;
}
if (create) {
collection.addPattern(urlPattern);
constraint.addCollection(collection);
return constraint;
}
return null;
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* Convenience constructor to specify transport guarantee and/or roles.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
*
* @param emptyRoleSemantic
* @param transportGuarantee
* @param rolesAllowed
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
private static SecurityConstraint createConstraint(
HttpConstraintElement element, String urlPattern, boolean alwaysCreate) {
SecurityConstraint constraint = new SecurityConstraint();
SecurityCollection collection = new SecurityCollection();
boolean create = alwaysCreate;
if (element.getTransportGuarantee() !=
ServletSecurity.TransportGuarantee.NONE) {
constraint.setUserConstraint(element.getTransportGuarantee().name());
create = true;
}
if (element.getRolesAllowed().length > 0) {
String[] roles = element.getRolesAllowed();
for (String role : roles) {
constraint.addAuthRole(role);
}
create = true;
}
if (element.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT) {
constraint.setAuthConstraint(true);
create = true;
}
if (create) {
collection.addPattern(urlPattern);
constraint.addCollection(collection);
return constraint;
}
return null;
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* Convenience constructor to specify transport guarantee and/or roles.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
*
* @param emptyRoleSemantic
* @param transportGuarantee
* @param rolesAllowed
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
public static boolean isAllowed ( final HttpConstraint constraint, final HttpServletRequest request )
{
final EmptyRoleSemantic empty = constraint.value ();
final String[] allowedRoles = constraint.rolesAllowed ();
if ( allowedRoles == null || allowedRoles.length <= 0 )
{
// no roles
if ( EmptyRoleSemantic.PERMIT.equals ( empty ) )
{
return true;
}
else
{
return false;
}
}
else
{
// check all roles .. one is ok
for ( final String role : allowedRoles )
{
if ( request.isUserInRole ( role ) )
{
return true;
}
}
// we ran out of options
return false;
}
}
@RequestMapping ( "/{userId}/newPassword" )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView changePassword ( @PathVariable ( "userId" ) final String userId, final HttpServletRequest request )
{
final Map<String, Object> model = new HashMap<> ();
final boolean you = isYou ( userId, request );
if ( !you && !request.isUserInRole ( "ADMIN" ) )
{
return CommonController.createAccessDenied ();
}
final DatabaseUserInformation user = this.storage.getUserDetails ( userId );
if ( user == null )
{
return CommonController.createNotFound ( "user", userId );
}
final DatabaseDetails details = user.getDetails ( DatabaseDetails.class );
if ( details == null )
{
return CommonController.createNotFound ( "details", userId );
}
final NewPassword data = new NewPassword ();
data.setEmail ( details.getEmail () );
model.put ( "you", you );
model.put ( "command", data );
return new ModelAndView ( "user/newPassword", model );
}
@RequestMapping ( value = "/{userId}/newPassword", method = RequestMethod.POST )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView changePasswordPost ( @PathVariable ( "userId" ) final String userId, @Valid @FormData ( "command" ) final NewPassword data, final BindingResult result, final HttpServletRequest request )
{
final boolean you = isYou ( userId, request );
if ( !you && !request.isUserInRole ( "ADMIN" ) )
{
return CommonController.createAccessDenied ();
}
final Map<String, Object> model = new HashMap<> ();
model.put ( "you", you );
if ( result.hasErrors () )
{
model.put ( "command", data );
return new ModelAndView ( "user/newPassword", model );
}
try
{
if ( !you /* but we are ADMIN */ )
{
this.storage.updatePassword ( userId, null, data.getPassword () );
}
else
{
this.storage.updatePassword ( userId, data.getCurrentPassword (), data.getPassword () );
}
return new ModelAndView ( "redirect:/user/" + userId + "/view" );
}
catch ( final Exception e )
{
return CommonController.createError ( "Error", "Failed to change password", e );
}
}
/**
* Constructor.
*/
public HttpConstraintElement() {
this(EmptyRoleSemantic.PERMIT);
}
/**
* Convenience constructor for {@link EmptyRoleSemantic#DENY}.
*
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
public EmptyRoleSemantic getEmptyRoleSemantic() {
return emptyRoleSemantic;
}
/**
* Constructs a default HTTP constraint element
*/
public HttpConstraintElement() {
this(EmptyRoleSemantic.PERMIT);
}
/**
* Convenience constructor for {@link EmptyRoleSemantic#DENY}.
*
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
public EmptyRoleSemantic getEmptyRoleSemantic() {
return emptyRoleSemantic;
}
@RequestMapping ( value = "/channel/{channelId}/export", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView exportChannel ( @PathVariable ( "channelId" ) final String channelId, final HttpServletResponse response )
{
return performExport ( response, makeExportFileName ( channelId ), ( stream ) -> this.transferService.exportChannel ( channelId, stream ) );
}
@RequestMapping ( value = "/channel/export", method = RequestMethod.GET )
@HttpConstraint ( value = EmptyRoleSemantic.PERMIT )
public ModelAndView exportAll ( final HttpServletResponse response )
{
return performExport ( response, makeExportFileName ( null ), this.transferService::exportAll );
}
/**
* Construct a constraint with a transport guarantee and roles.
*
* @param transportGuarantee The transport guarantee to apply to the newly
* created constraint
* @param rolesAllowed The roles to associate with the newly created
* constraint
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
* Construct a constraint with an empty role semantic, a transport guarantee
* and roles.
*
* @param emptyRoleSemantic The empty role semantic to apply to the newly
* created constraint
* @param transportGuarantee The transport guarantee to apply to the newly
* created constraint
* @param rolesAllowed The roles to associate with the newly created
* constraint
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
* Constructor to establish all of getEmptyRoleSemantic,
* getRolesAllowed, and getTransportGuarantee.
*
* @param semantic <tt>EmptyRoleSemantic.DENY</tt> or
* <tt>EmptyRoleSemantic.PERMIT</tt>
* @param guarantee <tt>TransportGuarantee.NONE</tt> or
* <tt>TransportGuarantee.CONFIDENTIAL</tt>
* @param roleNames the names of the roles that are to be allowed
* access, or missing if the semantic is <tt>EmptyRoleSemantic.DENY</tt>
*/
public HttpConstraintElement(EmptyRoleSemantic semantic,
TransportGuarantee guarantee, String... roleNames) {
if (semantic == EmptyRoleSemantic.DENY && roleNames.length > 0) {
throw new IllegalArgumentException(
"Deny semantic with rolesAllowed");
}
this.emptyRoleSemantic = semantic;
this.transportGuarantee = guarantee;
this.rolesAllowed = copyStrings(roleNames);
}
/**
* Construct a constraint with an empty role semantic. Typically used with
* {@link EmptyRoleSemantic#DENY}.
*
* @param emptyRoleSemantic The empty role semantic to apply to the newly
* created constraint
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* TODO
* @return TODO
*/
public EmptyRoleSemantic getEmptyRoleSemantic() {
return emptyRoleSemantic;
}
/**
* Constructor.
*
* @param emptyRoleSemantic the EmptyRoleSemantic.
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this(emptyRoleSemantic, TransportGuarantee.NONE, new String[0]);
}
/**
* Constructor.
*
* @param transportGuarantee the TransportGuarantee.
* @param rolesAllowed the roles allowed.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee, String... rolesAllowed) {
this(EmptyRoleSemantic.PERMIT, transportGuarantee, rolesAllowed);
}
/**
* Constructor.
*
* @param emptyRoleSemantic the EmptyRoleSemantic.
* @param transportGuarantee the TransportGuarantee.
* @param rolesAllowed the roles allowed.
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic, TransportGuarantee transportGuarantee, String... rolesAllowed) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}