You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by ad...@apache.org on 2003/11/08 06:57:07 UTC
cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util ConfigurationUtil.java URLPattern.java URLPatternCheck.java
adc 2003/11/07 21:57:07
Added: modules/core/src/java/org/apache/geronimo/security/util
ConfigurationUtil.java URLPattern.java
URLPatternCheck.java
Log:
Utility classes that help the mapping of Web and EJB modules
into permissions.
Revision Changes Path
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
Index: ConfigurationUtil.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.util;
import org.apache.geronimo.deployment.model.web.WebApp;
import org.apache.geronimo.deployment.model.web.SecurityConstraint;
import org.apache.geronimo.deployment.model.web.WebResourceCollection;
import org.apache.geronimo.deployment.model.j2ee.SecurityRole;
import org.apache.geronimo.deployment.model.j2ee.SecurityRoleRef;
import org.apache.geronimo.deployment.model.ejb.EjbJar;
import org.apache.geronimo.deployment.model.ejb.EnterpriseBeans;
import org.apache.geronimo.deployment.model.ejb.Entity;
import org.apache.geronimo.deployment.model.ejb.Session;
import org.apache.geronimo.deployment.model.ejb.AssemblyDescriptor;
import org.apache.geronimo.deployment.model.ejb.MethodPermission;
import org.apache.geronimo.deployment.model.ejb.ExcludeList;
import org.apache.geronimo.deployment.model.ejb.Method;
import org.apache.geronimo.deployment.model.ejb.RpcBean;
import org.apache.geronimo.security.GeronimoSecurityException;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContextHandler;
import javax.security.jacc.PolicyContext;
import java.util.HashSet;
import java.util.HashMap;
import java.util.Iterator;
/**
* A collection of utility functions that assist with the configuration of
* <code>PolicyConfiguration</code>s.
*
* @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
* @see javax.security.jacc.PolicyConfiguration
* @see "JSR 115" Java Authorization Contract for Containers
*/
public class ConfigurationUtil {
/**
* A simple helper method to register PolicyContextHandlers
* @param handler an object that implements the <code>PolicyContextHandler</code>
* interface. The value of this parameter must not be null.
* @param replace this boolean value defines the behavior of this method
* if, when it is called, a <code>PolicyContextHandler</code> has already
* been registered to handle the same key. In that case, and if the value
* of this argument is true, the existing handler is replaced with the
* argument handler. If the value of this parameter is false the existing
* registration is preserved and an exception is thrown.
*/
public static void registerPolicyContextHandler(PolicyContextHandler handler, boolean replace) throws PolicyContextException {
String[] keys = handler.getKeys();
for (int i=0; i<keys.length; i++) {
PolicyContext.registerHandler(keys[i], handler, replace);
}
}
/**
* Translate the web deployment descriptors into equivalent security
* permissions. These permissions are placed into the appropriate
* <code>PolicyConfiguration</code> object as defined in the JAAC spec.
* @param webApp the deployment descriptor from which to obtain the
* security constraints that are to be translated.
* @throws org.apache.geronimo.security.GeronimoSecurityException if there is any violation of the semantics of
* the security descriptor or the state of the module configuration.
* @see javax.security.jacc.PolicyConfiguration
* @see "Java Authorization Contract for Containers", section 3.1.3
* @jmx:managed-operation
*/
public static void configure(PolicyConfiguration configuration, WebApp webApp) throws GeronimoSecurityException {
HashSet securityRoles = new HashSet();
SecurityRole[] securityRolesArray = webApp.getSecurityRole();
for (int i = 0; i < securityRolesArray.length; i++) {
securityRoles.add(securityRolesArray[i].getRoleName());
}
HashMap uncheckedPatterns = new HashMap();
HashMap excludedPatterns = new HashMap();
HashMap rolesPatterns = new HashMap();
HashSet allSet = new HashSet();
HashMap allMap = new HashMap();
SecurityConstraint[] s = webApp.getSecurityConstraint();
for (int i = 0; i < s.length; i++) {
HashMap currentPatterns;
if (s[i].getAuthConstraint() == null) {
currentPatterns = uncheckedPatterns;
} else if (s[i].getAuthConstraint().getRoleName().length == 0) {
currentPatterns = excludedPatterns;
} else {
currentPatterns = rolesPatterns;
}
String transport = "";
if (s[i].getUserDataConstraint() != null) {
transport = s[i].getUserDataConstraint().getTransportGuarantee();
}
WebResourceCollection[] collection = s[i].getWebResourceCollection();
for (int j = 0; j < collection.length; j++) {
String[] methods = collection[j].getHttpMethod();
String[] patterns = collection[j].getUrlPattern();
for (int k = 0; k < patterns.length; k++) {
URLPattern pattern = (URLPattern) currentPatterns.get(patterns[k]);
if (pattern == null) {
pattern = new URLPattern(patterns[k]);
currentPatterns.put(patterns[k], pattern);
}
URLPattern allPattern = (URLPattern) allMap.get(patterns[k]);
if (allPattern == null) {
allPattern = new URLPattern(patterns[k]);
allSet.add(allPattern);
allMap.put(patterns[k], allPattern);
}
for (int l = 0; l < methods.length; l++) {
pattern.addMethod(methods[l]);
allPattern.addMethod(methods[l]);
}
if (methods.length == 0) {
pattern.addMethod("");
allPattern.addMethod("");
}
if (currentPatterns == rolesPatterns) {
String[] roles = s[i].getAuthConstraint().getRoleName();
for (int l = 0; l < roles.length; l++) {
if (roles[l].equals("*")) {
pattern.addAllRoles(securityRoles);
} else {
pattern.addRole(roles[l]);
}
}
}
pattern.setTransport(transport);
}
}
}
try {
/**
*
*/
Iterator iter = excludedPatterns.keySet().iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next());
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getMethods();
configuration.addToExcludedPolicy(new WebResourcePermission(name, actions));
configuration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
}
/**
*
*/
iter = rolesPatterns.keySet().iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getMethods();
WebResourcePermission permission = new WebResourcePermission(name, actions);
Iterator names = pattern.getRoles().iterator();
while (names.hasNext()) {
configuration.addToRole((String) names.next(), permission);
}
}
/**
*
*/
iter = uncheckedPatterns.keySet().iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getMethods();
configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
}
/**
*
*/
iter = rolesPatterns.keySet().iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getMethodsWithTransport();
configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
}
iter = uncheckedPatterns.keySet().iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getMethodsWithTransport();
configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
}
/**
* A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
* each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
* by the <tt>web-resource-collection</tt> elements of the deployment descriptor with ever HTTP method
* value. The permission objects must be contructed using the qualified pattern as their name and with
* actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
* The resulting permissions that must be added to the unchecked policy statements by calling the
* <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code> object.
*/
iter = allSet.iterator();
while (iter.hasNext()) {
URLPattern pattern = (URLPattern) iter.next();
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getComplementedMethods();
if (actions.length() == 0) continue;
configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
}
URLPattern pattern = new URLPattern("/");
if (!allSet.contains(pattern)) {
String name = pattern.getQualifiedPattern(allSet);
String actions = pattern.getComplementedMethods();
configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
}
} catch (PolicyContextException e) {
throw new GeronimoSecurityException(e);
}
}
public static void configure(PolicyConfiguration configuration, EjbJar ejbJar) throws GeronimoSecurityException {
EnterpriseBeans enterpriseBeans = ejbJar.getEnterpriseBeans();
Entity[] entityBeans = enterpriseBeans.getEntity();
Session[] sessionBeans = enterpriseBeans.getSession();
AssemblyDescriptor assemblyDescriptor = ejbJar.getAssemblyDescriptor();
MethodPermission[] methodPermissions = assemblyDescriptor.getMethodPermission();
ExcludeList excludeList = assemblyDescriptor.getExcludeList();
/**
* Section 3.1.5.1
*/
for (int i = 0; i < methodPermissions.length; i++) {
MethodPermission methodPermission = methodPermissions[i];
Method[] methods = methodPermission.getMethod();
for (int j = 0; j < methods.length; j++) {
Method method = methods[j];
EJBMethodPermission permission = new EJBMethodPermission(method.getEjbName(),
method.getMethodName(),
method.getMethodIntf(),
method.getMethodParam());
try {
if (methodPermission.isUnchecked()) {
configuration.addToUncheckedPolicy(permission);
} else {
String[] roleNames = methodPermission.getRoleName();
for (int k = 0; k < roleNames.length; k++) {
configuration.addToRole(roleNames[k], permission);
}
}
} catch (PolicyContextException e) {
throw new GeronimoSecurityException(e);
}
}
}
/**
* Section 3.1.5.2
*/
Method[] methods = excludeList.getMethod();
try {
for (int i = 0; i < methods.length; i++) {
EJBMethodPermission permission = new EJBMethodPermission(methods[i].getEjbName(),
methods[i].getMethodName(),
methods[i].getMethodIntf(),
methods[i].getMethodParam());
configuration.addToExcludedPolicy(permission);
}
} catch (PolicyContextException e) {
throw new GeronimoSecurityException(e);
}
/**
* Section 3.1.5.3
*/
for (int i = 0; i < entityBeans.length; i++) {
translateSecurityRoleRefs(configuration, entityBeans[i]);
}
for (int i = 0; i < sessionBeans.length; i++) {
translateSecurityRoleRefs(configuration, sessionBeans[i]);
}
}
private static void translateSecurityRoleRefs(PolicyConfiguration configuration, RpcBean bean) throws GeronimoSecurityException {
try {
SecurityRoleRef[] roleRefs = bean.getSecurityRoleRef();
for (int i = 0; i < roleRefs.length; i++) {
String roleName = roleRefs[i].getRoleName();
String roleLink = roleRefs[i].getRoleLink();
configuration.addToRole(roleLink, new EJBRoleRefPermission(bean.getEJBName(), roleName));
}
} catch (PolicyContextException e) {
throw new GeronimoSecurityException(e);
}
}
}
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPattern.java
Index: URLPattern.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.util;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Collection;
/**
* Utility class for <code>WebModuleConfiguration</code>. This class is used to generate qualified patterns, HTTP
* method sets, complements of HTTP method sets, and HTTP method sets w/ transport restrictions for URL patterns that
* are found in the web deployment descriptor.
* @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
* @see org.apache.geronimo.security.WebModuleConfiguration
*/
class URLPattern {
private final static String[] HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"};
private final static int[] HTTP_MASKS = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40};
private final static int NA = 0x00;
private final static int INTEGRAL = 0x01;
private final static int CONFIDENTIAL = 0x02;
private URLPatternCheck type;
private String pattern;
private int mask;
private int transport;
private HashSet roles = new HashSet();
/**
* Construct an instance of the utility class for <code>WebModuleConfiguration</code>.
* @param pat the URL pattern that this instance is to collect information on
* @see org.apache.geronimo.security.WebModuleConfiguration
* @see "JSR 115, section 3.1.3" Translating Servlet Deployment Descriptors
*/
URLPattern(String pat) {
if (pat == null) throw new java.lang.IllegalArgumentException("URL pattern cannot be null");
if (pat.length() == 0) throw new java.lang.IllegalArgumentException("URL pattern cannot be empty");
if (pat.equals("/") || pat.equals("/*")) {
type = DEFAULT;
} else if (pat.charAt(0) == '/' && pat.endsWith("/*")) {
type = PATH_PREFIX;
} else if (pat.charAt(0) == '*') {
type = EXTENSION;
} else {
type = EXACT;
}
pattern = pat;
}
/**
* Get a qualifed URL pattern relative to a particular set of URL patterns. This algorithm is described in
* JSR 115, section 3.1.3.1 "Qualified URL Pattern Names".
* @param patterns the set of possible URL patterns that could be used to qualify this pattern
* @return a qualifed URL pattern
*/
String getQualifiedPattern(HashSet patterns) {
if (type == EXACT) {
return pattern;
} else {
HashSet bucket = new HashSet();
StringBuffer result = new StringBuffer(pattern);
Iterator iter = patterns.iterator();
// Collect a set of qualifying patterns, depending on the type of this pattern.
while (iter.hasNext()) {
URLPattern p = (URLPattern) iter.next();
if (type.check(this, p)) {
bucket.add(p.pattern);
}
}
// append the set of qualifying patterns
iter = bucket.iterator();
while (iter.hasNext()) {
result.append(':');
result.append((String) iter.next());
}
return result.toString();
}
}
/**
* Add a method to the union of HTTP methods associated with this URL pattern. An empty string is short hand for
* the set of all HTTP methods.
* @param method the HTTP method to be added to the set.
*/
void addMethod(String method) {
if (method.length() == 0) {
mask = 0xFF;
return;
}
boolean found = false;
for (int j = 0; j < HTTP_METHODS.length; j++) {
if (method.equals(HTTP_METHODS[j])) {
mask |= HTTP_MASKS[j];
found = true;
break;
}
}
if (!found) throw new IllegalArgumentException("Invalid HTTP method");
}
/**
* Return the set of HTTP methods that have been associated with this URL pattern.
* @return a set of HTTP methods
*/
String getMethods() {
StringBuffer buffer = null;
for (int i = 0; i < HTTP_MASKS.length; i++) {
if ((mask & HTTP_MASKS[i]) > 0) {
if (buffer == null) {
buffer = new StringBuffer();
} else {
buffer.append(",");
}
buffer.append(HTTP_METHODS[i]);
}
}
return (buffer == null ? "" : buffer.toString());
}
String getComplementedMethods() {
StringBuffer buffer = null;
for (int i = 0; i < HTTP_MASKS.length; i++) {
if ((mask & HTTP_MASKS[i]) == 0) {
if (buffer == null) {
buffer = new StringBuffer();
} else {
buffer.append(",");
}
buffer.append(HTTP_METHODS[i]);
}
}
return (buffer == null ? "" : buffer.toString());
}
String getMethodsWithTransport() {
StringBuffer buffer = new StringBuffer(getMethods());
if (transport != NA) {
buffer.append(":");
if (transport != 0x03) {
if (transport == INTEGRAL) {
buffer.append("INTEGRAL");
} else {
buffer.append("CONFIDENTIAL");
}
}
}
return buffer.toString();
}
void setTransport(String trans) {
switch (transport) {
case NA:
{
if ("INTEGRAL".equals(trans)) {
transport = INTEGRAL;
} else if ("CONFIDENTIAL".equals(trans)) {
transport = CONFIDENTIAL;
}
break;
}
case INTEGRAL:
{
if ("CONFIDENTIAL".equals(trans)) {
transport = CONFIDENTIAL;
}
break;
}
}
}
void addRole(String role) {
roles.add(role);
}
void addAllRoles(Collection collection) {
roles.addAll(collection);
}
HashSet getRoles() {
return roles;
}
public boolean equals(Object obj) {
if (!(obj instanceof URLPattern)) return false;
URLPattern test = (URLPattern) obj;
return pattern.equals(test.pattern);
}
public int hashCode() {
return pattern.hashCode();
}
boolean matches(URLPattern p) {
String test = p.pattern;
// their pattern values are String equivalent
if (pattern.equals(test)) return true;
return type.matches(pattern, test);
}
private final static URLPatternCheck EXACT = new URLPatternCheck() {
public boolean check(URLPattern base, URLPattern test) {
return matches(base.pattern, test.pattern);
}
public boolean matches(String base, String test) {
return base.equals(test);
}
};
private final static URLPatternCheck PATH_PREFIX = new URLPatternCheck() {
public boolean check(URLPattern base, URLPattern test) {
return ((test.type == PATH_PREFIX || test.type == EXACT)
&& base.matches(test)
&& !base.equals(test));
}
/**
* This pattern is a path-prefix pattern (that is, it starts with "/" and ends with "/*") and the argument
* pattern starts with the substring of this pattern, minus its last 2 characters, and the next character of
* the argument pattern, if there is one, is "/"
* @param base the base pattern
* @param test the pattern to be tested
* @return <code>true</code> if <code>test</code> is matched by <code>base</code>
*/
public boolean matches(String base, String test) {
int length = base.length() - 2;
if (length > test.length()) return false;
for (int i = 0; i < length; i++) {
if (base.charAt(i) != test.charAt(i)) return false;
}
if (test.length() == length)
return true;
else if (test.charAt(length) != '/') return false;
return true;
}
};
private final static URLPatternCheck EXTENSION = new URLPatternCheck() {
public boolean check(URLPattern base, URLPattern test) {
if (test.type == PATH_PREFIX) return true;
if (test.type == EXACT) return matches(base.pattern, test.pattern);
return false;
}
/**
* This pattern is an extension pattern (that is, it startswith "*.") and the argument pattern ends with
* this pattern.
* @param base the base pattern
* @param test the pattern to be tested
* @return <code>true</code> if <code>test</code> is matched by <code>base</code>
*/
public boolean matches(String base, String test) {
return test.endsWith(base.substring(1));
}
};
private final static URLPatternCheck DEFAULT = new URLPatternCheck() {
public boolean check(URLPattern base, URLPattern test) {
return base.matches(test) && !base.equals(test);
}
/**
* This pattern is the path-prefix pattern "/*" or the reference pattern is the special default pattern,
* "/", which matches all argument patterns.
* @param base the base pattern
* @param test the pattern to be tested
* @return <code>true</code> if <code>test</code> is matched by <code>base</code>
* @see "JSR 115"
*/
public boolean matches(String base, String test) {
return true;
}
};
}
1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPatternCheck.java
Index: URLPatternCheck.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Geronimo" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Geronimo", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
package org.apache.geronimo.security.util;
/**
* @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
*/
public abstract class URLPatternCheck {
public abstract boolean check(URLPattern base, URLPattern test);
public abstract boolean matches(String base, String test);
}