Posted to scm@geronimo.apache.org by xu...@apache.org on 2010/04/16 03:55:33 UTC
svn commit: r934665 - in
/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment:
merge/annotation/ security/
Author: xuhaihong
Date: Fri Apr 16 01:55:32 2010
New Revision: 934665
URL: http://svn.apache.org/viewvc?rev=934665&view=rev
Log:
Support omissionHttpMethod configuration in security-constraint, introduced in servlet 3.0
Modified:
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java Fri Apr 16 01:55:32 2010
@@ -31,6 +31,7 @@ import javax.servlet.annotation.ServletS
import org.apache.geronimo.common.DeploymentException;
import org.apache.geronimo.web25.deployment.merge.MergeContext;
import org.apache.geronimo.web25.deployment.merge.webfragment.ServletMappingMergeHandler;
+import org.apache.geronimo.web25.deployment.security.HTTPMethods;
import org.apache.geronimo.xbeans.javaee6.AuthConstraintType;
import org.apache.geronimo.xbeans.javaee6.SecurityConstraintType;
import org.apache.geronimo.xbeans.javaee6.ServletMappingType;
@@ -49,18 +50,6 @@ public class ServletSecurityAnnotationMe
private static final Logger logger = LoggerFactory.getLogger(ServletSecurityAnnotationMergeHandler.class);
- public static final Set<String> SUPPORTED_HTTP_METHODS = new HashSet<String>();
- static {
- SUPPORTED_HTTP_METHODS.add("OPTIONS");
- SUPPORTED_HTTP_METHODS.add("GET");
- SUPPORTED_HTTP_METHODS.add("HEAD");
- SUPPORTED_HTTP_METHODS.add("POST");
- SUPPORTED_HTTP_METHODS.add("PUT");
- SUPPORTED_HTTP_METHODS.add("DELETE");
- SUPPORTED_HTTP_METHODS.add("TRACE");
- SUPPORTED_HTTP_METHODS.add("CONNECT");
- }
-
@Override
public void merge(Class<?>[] classes, WebAppType webApp, MergeContext mergeContext) throws DeploymentException {
}
@@ -177,18 +166,12 @@ public class ServletSecurityAnnotationMe
return securityConstraint;
}
- private void addSecurityConstraintHttpMethod(SecurityConstraintType securityConstraint, String httpMethod) {
- WebResourceCollectionType webResourceCollection = securityConstraint.getWebResourceCollectionArray().length == 0 ? securityConstraint.addNewWebResourceCollection() : securityConstraint
- .getWebResourceCollectionArray(0);
- webResourceCollection.addNewHttpMethod().setStringValue(httpMethod);
- }
-
private String normalizeHTTPMethod(String servletClassName, String httpMethod) throws DeploymentException {
if (httpMethod == null || httpMethod.isEmpty()) {
throw new DeploymentException("HTTP protocol method could not be null or empty string in the ServletSecurity anntation of the class " + servletClassName);
}
httpMethod = httpMethod.toUpperCase();
- if (!SUPPORTED_HTTP_METHODS.contains(httpMethod)) {
+ if (!HTTPMethods.SUPPORTED_HTTP_METHODS.contains(httpMethod)) {
throw new DeploymentException("Invalid HTTP protocol method " + httpMethod + " in the ServletSecurity annotation of the class " + servletClassName);
}
return httpMethod;
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java Fri Apr 16 01:55:32 2010
@@ -20,6 +20,7 @@
package org.apache.geronimo.web25.deployment.security;
+import java.util.Collections;
import java.util.Set;
import java.util.HashSet;
import java.util.regex.Pattern;
@@ -30,6 +31,21 @@ import java.util.regex.Pattern;
* @version $Rev$ $Date$
*/
public class HTTPMethods {
+
+ public static final Set<String> SUPPORTED_HTTP_METHODS;
+ static {
+ Set<String> supportedHttpMethods = new HashSet<String>();
+ supportedHttpMethods.add("OPTIONS");
+ supportedHttpMethods.add("GET");
+ supportedHttpMethods.add("HEAD");
+ supportedHttpMethods.add("POST");
+ supportedHttpMethods.add("PUT");
+ supportedHttpMethods.add("DELETE");
+ supportedHttpMethods.add("TRACE");
+ //supportedHttpMethods.add("CONNECT");
+ SUPPORTED_HTTP_METHODS = Collections.unmodifiableSet(supportedHttpMethods);
+ }
+
private static final Pattern TOKEN_PATTERN = Pattern.compile("[!-~&&[^\\(\\)\\<\\>@,;:\\\\\"/\\[\\]\\?=\\{\\}]]*");
private final Set<String> methods = new HashSet<String>();
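Review bot: The commented-out `//supportedHttpMethods.add("CONNECT");` has no explanation, and it changes behaviour in ServletSecurityAnnotationMergeHandler.normalizeHTTPMethod, which now checks against this set. The set removed from that class contained CONNECT, so a ServletSecurity annotation naming CONNECT, which previously passed that check, now fails deployment with "Invalid HTTP protocol method". If dropping CONNECT is intended, replace the dead line with a why-comment such as `// CONNECT is deliberately not listed: <reason>`. The public constant also needs Javadoc saying that it is unmodifiable and that SpecSecurityBuilder uses it as the full set of methods when expanding an omission list, so editing an entry changes which methods a constraint covers. The class body continues outside the hunk.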
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java Fri Apr 16 01:55:32 2010
@@ -118,10 +118,8 @@ public class SpecSecurityBuilder {
}
String[] httpMethodTypeArray = webResourceCollectionType.getHttpMethodArray();
- if (httpMethodTypeArray.length == 0) {
- pattern.addMethod("");
- allPattern.addMethod("");
- } else {
+ String[] omissionHttpMethods = webResourceCollectionType.getHttpMethodOmissionArray();
+ if (httpMethodTypeArray.length > 0) {
for (String aHttpMethodTypeArray : httpMethodTypeArray) {
String method = (aHttpMethodTypeArray == null ? null : aHttpMethodTypeArray.trim());
if (method != null) {
@@ -129,7 +127,23 @@ public class SpecSecurityBuilder {
allPattern.addMethod(method);
}
}
+ } else if (omissionHttpMethods.length > 0) {
+ Set<String> httpMethods = new HashSet<String>(HTTPMethods.SUPPORTED_HTTP_METHODS);
+ for (String omissionHttpMethod : omissionHttpMethods) {
+ String nomalizedOmissionHttpMethod = omissionHttpMethod == null ? null : omissionHttpMethod.trim().toUpperCase();
+ if (nomalizedOmissionHttpMethod != null) {
+ httpMethods.remove(nomalizedOmissionHttpMethod);
+ }
+ }
+ for (String httpMethod : httpMethods) {
+ pattern.addMethod(httpMethod);
+ allPattern.addMethod(httpMethod);
+ }
+ } else {
+ pattern.addMethod("");
+ allPattern.addMethod("");
}
+
if (currentPatterns == rolesPatterns) {
RoleNameType[] roleNameTypeArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
for (RoleNameType roleNameType : roleNameTypeArray) {
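Review bot: The new `else if (omissionHttpMethods.length > 0)` branch expands the omission list into HTTPMethods.SUPPORTED_HTTP_METHODS minus the omitted names, so the constraint is registered only for the methods in that fixed set. A request using any other method (CONNECT, which is commented out there, or an extension method) would presumably fall outside the constraint, whereas an omission list is meant to cover every method except the named ones. The omission should be carried into the pattern as an exclusion rather than enumerated; how HTTPMethods could represent that is not visible in this diff. Smaller points in the same branch: `toUpperCase()` depends on the default locale, so prefer `omissionHttpMethod.trim().toUpperCase(Locale.ENGLISH)`; an omitted name that is not in the supported set is dropped silently, where normalizeHTTPMethod raises a DeploymentException; and a collection declaring both http-method and http-method-omission has its omissions ignored without a warning. The enclosing method starts and ends outside the hunk.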