KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > metadata > WebSecurityMetaData


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */
22 package org.jboss.metadata;
23
24 import java.util.HashMap JavaDoc;
25 import java.util.HashSet JavaDoc;
26 import java.util.Map JavaDoc;
27 import java.util.Set JavaDoc;
28 import java.util.ArrayList JavaDoc;
29 import java.util.Collections JavaDoc;
30 import java.util.TreeSet JavaDoc;
31
32 import org.jboss.metadata.web.AuthConstraint;
33
34 /** Encapsulation of the web.xml security-constraints
35  *
36  * @author Scott.Stark@jboss.org
37  * @version $Revison:$
38  */
39 public class WebSecurityMetaData
40 {
41    /** The set of all http methods: DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE */
42    public static final Set JavaDoc ALL_HTTP_METHODS;
43    public static final String JavaDoc[] ALL_HTTP_METHOD_NAMES;
44
45    static
46    {
47       TreeSet JavaDoc tmp = new TreeSet JavaDoc();
48       tmp.add("GET");
49       tmp.add("POST");
50       tmp.add("PUT");
51       tmp.add("DELETE");
52       tmp.add("HEAD");
53       tmp.add("OPTIONS");
54       tmp.add("TRACE");
55       ALL_HTTP_METHODS = Collections.unmodifiableSortedSet(tmp);
56       ALL_HTTP_METHOD_NAMES = new String JavaDoc[ALL_HTTP_METHODS.size()];
57       ALL_HTTP_METHODS.toArray(ALL_HTTP_METHOD_NAMES);
58    }
59
60    /** The HashMap<String, WebResourceCollection> for the
61     * security-constraint/web-resource-collection elements
62     */
63    private HashMap JavaDoc<String JavaDoc, WebResourceCollection> webResources =
64       new HashMap JavaDoc<String JavaDoc, WebResourceCollection>();
65    /** Set<String> of the allowed role names defined by the
66     * security-constraint/auth-constraint elements
67     */
68    private Set JavaDoc roles = new HashSet JavaDoc();
69
70    /** The optional security-constraint/user-data-constraint/transport-guarantee */
71    private String JavaDoc transportGuarantee;
72    /** The unchecked flag is set when there is no security-constraint/auth-constraint
73     */
74    private boolean unchecked = false;
75    /** The excluded flag is set when there is an empty
76     security-constraint/auth-constraint element
77     */
78    private boolean excluded = false;
79    /** security-constraint/auth-constraint element */
80    private AuthConstraint authConstraint;
81
82    public static String JavaDoc[] getMissingHttpMethods(HashSet JavaDoc httpMethods)
83    {
84       String JavaDoc[] methods = {};
85       if( httpMethods.size() > 0 && httpMethods.containsAll(ALL_HTTP_METHODS) == false )
86       {
87          HashSet JavaDoc missingMethods = new HashSet JavaDoc(ALL_HTTP_METHODS);
88          missingMethods.removeAll(httpMethods);
89          methods = new String JavaDoc[missingMethods.size()];
90          missingMethods.toArray(methods);
91       }
92       return methods;
93    }
94
95    public WebResourceCollection addWebResource(String JavaDoc name)
96    {
97       WebResourceCollection webrc = new WebResourceCollection(name);
98       if( webResources.containsKey(name) == true )
99       {
100          // A non-unique name, unique it
101 name = name + '@' + System.identityHashCode(webrc);
102       }
103       webResources.put(name, webrc);
104       return webrc;
105    }
106    public Map JavaDoc<String JavaDoc, WebResourceCollection> getWebResources()
107    {
108       return webResources;
109    }
110    public void setWebResources(WebResourceCollection collection)
111    {
112       
113    }
114
115    public void addRole(String JavaDoc name)
116    {
117       roles.add(name);
118    }
119    /** Get the security-constraint/auth-constraint values. An empty role
120     * set must be qualified by the isUnchecked and isExcluded methods.
121     *
122     * @return Set<String> for the role names
123     */
124    public Set JavaDoc getRoles()
125    {
126       return roles;
127    }
128    
129    /** Get the security-constraint/transport-guarantee setting
130     @return null == no guarantees
131       INTEGRAL == an integretity guarantee
132       CONFIDENTIAL == protected for confidentiality
133     */
134    public String JavaDoc getTransportGuarantee()
135    {
136       return transportGuarantee;
137    }
138    public void setTransportGuarantee(String JavaDoc transportGuarantee)
139    {
140       this.transportGuarantee = transportGuarantee;
141    }
142
143    public boolean isUnchecked()
144    {
145       return unchecked;
146    }
147    public void setUnchecked(boolean flag)
148    {
149       this.unchecked = flag;
150    }
151
152    public boolean isExcluded()
153    {
154       return excluded;
155    }
156    public void setExcluded(boolean flag)
157    {
158       this.excluded = flag;
159    }
160
161    public AuthConstraint getAuthConstraint()
162    {
163       return authConstraint;
164    }
165    public void setAuthConstraint(AuthConstraint authConstraint)
166    {
167       this.authConstraint = authConstraint;
168       if( authConstraint.getRoleNames().size() == 0 )
169          setExcluded(true);
170    }
171
172    /** The security-constraint/web-resource-collection child element container
173     *
174     */
175    public static class WebResourceCollection
176    {
177       /** The required web-resource-name element */
178       private String JavaDoc name;
179       /** The required url-pattern element(s) */
180       private HashSet JavaDoc urlPatterns = new HashSet JavaDoc();
181       /** The optional http-method element(s) */
182       private ArrayList JavaDoc httpMethods = new ArrayList JavaDoc();
183
184       public WebResourceCollection()
185       {
186          this(null);
187       }
188       public WebResourceCollection(String JavaDoc name)
189       {
190          this.name = name;
191       }
192
193       public String JavaDoc getName()
194       {
195          return name;
196       }
197       public void setName(String JavaDoc name)
198       {
199          this.name = name;
200       }
201       public void addPattern(String JavaDoc pattern)
202       {
203          urlPatterns.add(pattern);
204       }
205       /** Get the url-patterns specified in the resource collection.
206        * @return
207        */
208       public String JavaDoc[] getUrlPatterns()
209       {
210          String JavaDoc[] patterns = {};
211          patterns = new String JavaDoc[urlPatterns.size()];
212          urlPatterns.toArray(patterns);
213          return patterns;
214       }
215
216       public void addHttpMethod(String JavaDoc method)
217       {
218          httpMethods.add(method);
219       }
220       /** The optional security-constraint/web-resource-collection/http-method
221        @return empty for all methods, a subset of GET, POST, PUT, DELETE,
222                HEAD, OPTIONS, TRACE otherwise
223        */
224       public String JavaDoc[] getHttpMethods()
225       {
226          String JavaDoc[] methods = {};
227          if( httpMethods.containsAll(ALL_HTTP_METHODS) == false )
228          {
229             methods = new String JavaDoc[httpMethods.size()];
230             httpMethods.toArray(methods);
231          }
232          return methods;
233       }
234       /** Return the http methods that were not specified in the collection.
235        If there were a subset of the ALL_HTTP_METHODS given, then this
236        method returns the ALL_HTTP_METHODS - the subset. If no or all
237        ALL_HTTP_METHODS were specified this return an empty array.
238        @return empty for all methods, a subset of GET, POST, PUT, DELETE,
239                HEAD, OPTIONS, TRACE otherwise
240        */
241       public String JavaDoc[] getMissingHttpMethods()
242       {
243          String JavaDoc[] methods = {};
244          if( httpMethods.size() > 0 && httpMethods.containsAll(ALL_HTTP_METHODS) == false )
245          {
246             HashSet JavaDoc missingMethods = new HashSet JavaDoc(ALL_HTTP_METHODS);
247             missingMethods.removeAll(httpMethods);
248             methods = new String JavaDoc[missingMethods.size()];
249             missingMethods.toArray(methods);
250          }
251          return methods;
252       }
253    }
254 }
255
Popular Tags