下面列出了怎么用javax.servlet.annotation.ServletSecurity.TransportGuarantee的API类实例代码及写法,或者点击链接到github查看源代码。
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("test", s);
sr.addMapping("/test");
// Add a constraint with uncovered methods
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
HttpMethodConstraintElement hmce =
new HttpMethodConstraintElement("POST", hce);
Set<HttpMethodConstraintElement> hmces = new HashSet<>();
hmces.add(hmce);
ServletSecurityElement sse = new ServletSecurityElement(hmces);
sr.setServletSecurity(sse);
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new TesterServlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* Convenience constructor to specify transport guarantee and/or roles.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
*
* @param emptyRoleSemantic
* @param transportGuarantee
* @param rolesAllowed
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
/**
* Default constraint is permit with no transport guarantee.
*/
public HttpConstraintElement() {
// Default constructor
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* Convenience constructor to specify transport guarantee and/or roles.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
*
* @param emptyRoleSemantic
* @param transportGuarantee
* @param rolesAllowed
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
@Override
public void onStartup(Set<Class<?>> c, ServletContext ctx)
throws ServletException {
// Register and map servlet
Servlet s = new Bug50015Servlet();
ServletRegistration.Dynamic sr = ctx.addServlet("bug50015", s);
sr.addMapping("/bug50015");
// Limit access to users in the Tomcat role
HttpConstraintElement hce = new HttpConstraintElement(
TransportGuarantee.NONE, "tomcat");
ServletSecurityElement sse = new ServletSecurityElement(hce);
sr.setServletSecurity(sse);
}
/**
* Enforce any user data constraint required by the security constraint
* guarding this request URI. Return <code>true</code> if this constraint
* was not violated and processing should continue, or <code>false</code>
* if we have created a response already.
*
* @param request Request we are processing
* @param response Response we are creating
* @param constraints Security constraint being checked
*
* @exception IOException if an input/output error occurs
*/
@Override
public boolean hasUserDataPermission(Request request,
Response response,
SecurityConstraint []constraints)
throws IOException {
// Is there a relevant user data constraint?
if (constraints == null || constraints.length == 0) {
if (log.isDebugEnabled())
log.debug(" No applicable security constraint defined");
return true;
}
for(int i=0; i < constraints.length; i++) {
SecurityConstraint constraint = constraints[i];
String userConstraint = constraint.getUserConstraint();
if (userConstraint == null) {
if (log.isDebugEnabled())
log.debug(" No applicable user data constraint defined");
return true;
}
if (userConstraint.equals(TransportGuarantee.NONE.name())) {
if (log.isDebugEnabled())
log.debug(" User data constraint has no restrictions");
return true;
}
}
// Validate the request against the user data constraint
if (request.getRequest().isSecure()) {
if (log.isDebugEnabled())
log.debug(" User data constraint already satisfied");
return true;
}
// Initialize variables we need to determine the appropriate action
int redirectPort = request.getConnector().getRedirectPort();
// Is redirecting disabled?
if (redirectPort <= 0) {
if (log.isDebugEnabled())
log.debug(" SSL redirect is disabled");
response.sendError
(HttpServletResponse.SC_FORBIDDEN,
request.getRequestURI());
return false;
}
// Redirect to the corresponding SSL port
StringBuilder file = new StringBuilder();
String protocol = "https";
String host = request.getServerName();
// Protocol
file.append(protocol).append("://").append(host);
// Host with port
if(redirectPort != 443) {
file.append(":").append(redirectPort);
}
// URI
file.append(request.getRequestURI());
String requestedSessionId = request.getRequestedSessionId();
if ((requestedSessionId != null) &&
request.isRequestedSessionIdFromURL()) {
file.append(";");
file.append(SessionConfig.getSessionUriParamName(
request.getContext()));
file.append("=");
file.append(requestedSessionId);
}
String queryString = request.getQueryString();
if (queryString != null) {
file.append('?');
file.append(queryString);
}
if (log.isDebugEnabled())
log.debug(" Redirecting to " + file.toString());
response.sendRedirect(file.toString(), transportGuaranteeRedirectStatus);
return false;
}
/**
* Convenience constructor for {@link EmptyRoleSemantic#DENY}.
*
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
public TransportGuarantee getTransportGuarantee() {
return transportGuarantee;
}
/**
* Convenience constructor for {@link EmptyRoleSemantic#DENY}.
*
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
public TransportGuarantee getTransportGuarantee() {
return transportGuarantee;
}
/**
* Construct a constraint with a transport guarantee and roles.
*
* @param transportGuarantee The transport guarantee to apply to the newly
* created constraint
* @param rolesAllowed The roles to associate with the newly created
* constraint
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee,
String... rolesAllowed) {
this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
* Construct a constraint with an empty role semantic, a transport guarantee
* and roles.
*
* @param emptyRoleSemantic The empty role semantic to apply to the newly
* created constraint
* @param transportGuarantee The transport guarantee to apply to the newly
* created constraint
* @param rolesAllowed The roles to associate with the newly created
* constraint
* @throws IllegalArgumentException if roles are specified when DENY is used
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic,
TransportGuarantee transportGuarantee, String... rolesAllowed) {
if (rolesAllowed != null && rolesAllowed.length > 0 &&
EmptyRoleSemantic.DENY.equals(emptyRoleSemantic)) {
throw new IllegalArgumentException(lStrings.getString(
"httpConstraintElement.invalidRolesDeny"));
}
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
* Constructor to establish all of getEmptyRoleSemantic,
* getRolesAllowed, and getTransportGuarantee.
*
* @param semantic <tt>EmptyRoleSemantic.DENY</tt> or
* <tt>EmptyRoleSemantic.PERMIT</tt>
* @param guarantee <tt>TransportGuarantee.NONE</tt> or
* <tt>TransportGuarantee.CONFIDENTIAL</tt>
* @param roleNames the names of the roles that are to be allowed
* access, or missing if the semantic is <tt>EmptyRoleSemantic.DENY</tt>
*/
public HttpConstraintElement(EmptyRoleSemantic semantic,
TransportGuarantee guarantee, String... roleNames) {
if (semantic == EmptyRoleSemantic.DENY && roleNames.length > 0) {
throw new IllegalArgumentException(
"Deny semantic with rolesAllowed");
}
this.emptyRoleSemantic = semantic;
this.transportGuarantee = guarantee;
this.rolesAllowed = copyStrings(roleNames);
}
/**
* Construct a constraint with an empty role semantic. Typically used with
* {@link EmptyRoleSemantic#DENY}.
*
* @param emptyRoleSemantic The empty role semantic to apply to the newly
* created constraint
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = TransportGuarantee.NONE;
this.rolesAllowed = new String[0];
}
/**
* TODO
* @return TODO
*/
public TransportGuarantee getTransportGuarantee() {
return transportGuarantee;
}
/**
* Constructor.
*
* @param emptyRoleSemantic the EmptyRoleSemantic.
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic) {
this(emptyRoleSemantic, TransportGuarantee.NONE, new String[0]);
}
/**
* Constructor.
*
* @param transportGuarantee the TransportGuarantee.
* @param rolesAllowed the roles allowed.
*/
public HttpConstraintElement(TransportGuarantee transportGuarantee, String... rolesAllowed) {
this(EmptyRoleSemantic.PERMIT, transportGuarantee, rolesAllowed);
}
/**
* Constructor.
*
* @param emptyRoleSemantic the EmptyRoleSemantic.
* @param transportGuarantee the TransportGuarantee.
* @param rolesAllowed the roles allowed.
*/
public HttpConstraintElement(EmptyRoleSemantic emptyRoleSemantic, TransportGuarantee transportGuarantee, String... rolesAllowed) {
this.emptyRoleSemantic = emptyRoleSemantic;
this.transportGuarantee = transportGuarantee;
this.rolesAllowed = rolesAllowed;
}
/**
* Get the transport guarantee.
*
* @return the transport guarantee.
*/
public TransportGuarantee getTransportGuarantee() {
return transportGuarantee;
}
/**
* Convenience constructor to establish <tt>EmptyRoleSemantic.DENY</tt>
*
* @param semantic should be EmptyRoleSemantic.DENY
*/
public HttpConstraintElement(EmptyRoleSemantic semantic) {
this(semantic, TransportGuarantee.NONE, new String[0]);
}
/**
* Constructor to establish non-empty getRolesAllowed and/or
* <tt>TransportGuarantee.CONFIDENTIAL</tt>.
*
* @param guarantee <tt>TransportGuarantee.NONE</tt> or
* <tt>TransportGuarantee.CONFIDENTIAL</tt>
* @param roleNames the names of the roles that are to be
* allowed access
*/
public HttpConstraintElement(TransportGuarantee guarantee,
String... roleNames) {
this(EmptyRoleSemantic.PERMIT, guarantee, roleNames);
}
/**
* Gets the data protection requirement (i.e., whether or not SSL/TLS is
* required) that must be satisfied by the transport connection.
*
* @return the {@link TransportGuarantee} indicating the data
* protection that must be provided by the connection
*/
public TransportGuarantee getTransportGuarantee() {
return this.transportGuarantee;
}