You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/02/24 14:20:18 UTC
svn commit: r1732149 -
/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
Author: markt
Date: Wed Feb 24 13:20:17 2016
New Revision: 1732149
URL: http://svn.apache.org/viewvc?rev=1732149&view=rev
Log:
De-duplication
Modified:
tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
Modified: tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java?rev=1732149&r1=1732148&r2=1732149&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java Wed Feb 24 13:20:17 2016
@@ -724,32 +724,7 @@ public class SecurityConstraint implemen
// pattern is fully covered.
omittedMethods.removeAll(methods);
- if (omittedMethods.size() > 0) {
- StringBuilder msg = new StringBuilder();
- for (String method : omittedMethods) {
- msg.append(method);
- msg.append(' ');
- }
- if (denyUncoveredHttpMethods) {
- log.info(sm.getString(
- "securityConstraint.uncoveredHttpOmittedMethodFix",
- pattern, msg.toString().trim()));
- SecurityCollection collection = new SecurityCollection();
- for (String method : omittedMethods) {
- collection.addMethod(method);
- }
- collection.addPattern(pattern);
- collection.setName("deny-uncovered-http-methods");
- SecurityConstraint constraint = new SecurityConstraint();
- constraint.setAuthConstraint(true);
- constraint.addCollection(collection);
- newConstraints.add(constraint);
- } else {
- log.error(sm.getString(
- "securityConstraint.uncoveredHttpOmittedMethod",
- pattern, msg.toString().trim()));
- }
- }
+ handleOmittedMethods(omittedMethods, pattern, denyUncoveredHttpMethods, newConstraints, log);
}
for (Map.Entry<String, Set<String>> entry :
urlOmittedMethodMap.entrySet()) {
@@ -759,37 +734,41 @@ public class SecurityConstraint implemen
continue;
}
- Set<String> omittedMethods = entry.getValue();
+ handleOmittedMethods(entry.getValue(), pattern, denyUncoveredHttpMethods,
+ newConstraints, log);
+ }
- if (omittedMethods.size() > 0) {
- StringBuilder msg = new StringBuilder();
+ return newConstraints.toArray(new SecurityConstraint[newConstraints.size()]);
+ }
+
+
+ private static void handleOmittedMethods(Set<String> omittedMethods, String pattern,
+ boolean denyUncoveredHttpMethods, List<SecurityConstraint> newConstraints, Log log) {
+ if (omittedMethods.size() > 0) {
+ StringBuilder msg = new StringBuilder();
+ for (String method : omittedMethods) {
+ msg.append(method);
+ msg.append(' ');
+ }
+ if (denyUncoveredHttpMethods) {
+ log.info(sm.getString(
+ "securityConstraint.uncoveredHttpOmittedMethodFix",
+ pattern, msg.toString().trim()));
+ SecurityCollection collection = new SecurityCollection();
for (String method : omittedMethods) {
- msg.append(method);
- msg.append(' ');
- }
- if (denyUncoveredHttpMethods) {
- log.info(sm.getString(
- "securityConstraint.uncoveredHttpOmittedMethodFix",
- pattern, msg.toString().trim()));
- SecurityCollection collection = new SecurityCollection();
- for (String method : omittedMethods) {
- collection.addMethod(method);
- }
- collection.addPattern(pattern);
- collection.setName("deny-uncovered-http-methods");
- SecurityConstraint constraint = new SecurityConstraint();
- constraint.setAuthConstraint(true);
- constraint.addCollection(collection);
- newConstraints.add(constraint);
- } else {
- log.error(sm.getString(
- "securityConstraint.uncoveredHttpOmittedMethod",
- pattern, msg.toString().trim()));
+ collection.addMethod(method);
}
+ collection.addPattern(pattern);
+ collection.setName("deny-uncovered-http-methods");
+ SecurityConstraint constraint = new SecurityConstraint();
+ constraint.setAuthConstraint(true);
+ constraint.addCollection(collection);
+ newConstraints.add(constraint);
+ } else {
+ log.error(sm.getString(
+ "securityConstraint.uncoveredHttpOmittedMethod",
+ pattern, msg.toString().trim()));
}
}
-
- return newConstraints.toArray(
- new SecurityConstraint[newConstraints.size()]);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org