Return-Path: Delivered-To: apmail-incubator-geronimo-cvs-archive@www.apache.org Received: (qmail 34094 invoked from network); 8 Nov 2003 05:57:10 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 8 Nov 2003 05:57:10 -0000 Received: (qmail 77746 invoked by uid 500); 8 Nov 2003 05:56:47 -0000 Delivered-To: apmail-incubator-geronimo-cvs-archive@incubator.apache.org Received: (qmail 77716 invoked by uid 500); 8 Nov 2003 05:56:47 -0000 Mailing-List: contact geronimo-cvs-help@incubator.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: geronimo-dev@incubator.apache.org Delivered-To: mailing list geronimo-cvs@incubator.apache.org Received: (qmail 77701 invoked from network); 8 Nov 2003 05:56:47 -0000 Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 8 Nov 2003 05:56:47 -0000 Received: (qmail 34078 invoked by uid 1751); 8 Nov 2003 05:57:07 -0000 Date: 8 Nov 2003 05:57:07 -0000 Message-ID: <20031108055707.34077.qmail@minotaur.apache.org> From: adc@apache.org To: incubator-geronimo-cvs@apache.org Subject: cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util ConfigurationUtil.java URLPattern.java URLPatternCheck.java X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N adc 2003/11/07 21:57:07 Added: modules/core/src/java/org/apache/geronimo/security/util ConfigurationUtil.java URLPattern.java URLPatternCheck.java Log: Utility classes that help the mapping of Web and EJB modules into permissions. Revision Changes Path 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java Index: ConfigurationUtil.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact apache@apache.org. * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . * * ==================================================================== */ package org.apache.geronimo.security.util; import org.apache.geronimo.deployment.model.web.WebApp; import org.apache.geronimo.deployment.model.web.SecurityConstraint; import org.apache.geronimo.deployment.model.web.WebResourceCollection; import org.apache.geronimo.deployment.model.j2ee.SecurityRole; import org.apache.geronimo.deployment.model.j2ee.SecurityRoleRef; import org.apache.geronimo.deployment.model.ejb.EjbJar; import org.apache.geronimo.deployment.model.ejb.EnterpriseBeans; import org.apache.geronimo.deployment.model.ejb.Entity; import org.apache.geronimo.deployment.model.ejb.Session; import org.apache.geronimo.deployment.model.ejb.AssemblyDescriptor; import org.apache.geronimo.deployment.model.ejb.MethodPermission; import org.apache.geronimo.deployment.model.ejb.ExcludeList; import org.apache.geronimo.deployment.model.ejb.Method; import org.apache.geronimo.deployment.model.ejb.RpcBean; import org.apache.geronimo.security.GeronimoSecurityException; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebUserDataPermission; import javax.security.jacc.PolicyContextException; import javax.security.jacc.EJBMethodPermission; import javax.security.jacc.EJBRoleRefPermission; import javax.security.jacc.PolicyContextHandler; import javax.security.jacc.PolicyContext; import java.util.HashSet; import java.util.HashMap; import java.util.Iterator; /** * A collection of utility functions that assist with the configuration of * PolicyConfigurations. * * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $ * @see javax.security.jacc.PolicyConfiguration * @see "JSR 115" Java Authorization Contract for Containers */ public class ConfigurationUtil { /** * A simple helper method to register PolicyContextHandlers * @param handler an object that implements the PolicyContextHandler * interface. The value of this parameter must not be null. * @param replace this boolean value defines the behavior of this method * if, when it is called, a PolicyContextHandler has already * been registered to handle the same key. In that case, and if the value * of this argument is true, the existing handler is replaced with the * argument handler. If the value of this parameter is false the existing * registration is preserved and an exception is thrown. */ public static void registerPolicyContextHandler(PolicyContextHandler handler, boolean replace) throws PolicyContextException { String[] keys = handler.getKeys(); for (int i=0; iPolicyConfiguration object as defined in the JAAC spec. * @param webApp the deployment descriptor from which to obtain the * security constraints that are to be translated. * @throws org.apache.geronimo.security.GeronimoSecurityException if there is any violation of the semantics of * the security descriptor or the state of the module configuration. * @see javax.security.jacc.PolicyConfiguration * @see "Java Authorization Contract for Containers", section 3.1.3 * @jmx:managed-operation */ public static void configure(PolicyConfiguration configuration, WebApp webApp) throws GeronimoSecurityException { HashSet securityRoles = new HashSet(); SecurityRole[] securityRolesArray = webApp.getSecurityRole(); for (int i = 0; i < securityRolesArray.length; i++) { securityRoles.add(securityRolesArray[i].getRoleName()); } HashMap uncheckedPatterns = new HashMap(); HashMap excludedPatterns = new HashMap(); HashMap rolesPatterns = new HashMap(); HashSet allSet = new HashSet(); HashMap allMap = new HashMap(); SecurityConstraint[] s = webApp.getSecurityConstraint(); for (int i = 0; i < s.length; i++) { HashMap currentPatterns; if (s[i].getAuthConstraint() == null) { currentPatterns = uncheckedPatterns; } else if (s[i].getAuthConstraint().getRoleName().length == 0) { currentPatterns = excludedPatterns; } else { currentPatterns = rolesPatterns; } String transport = ""; if (s[i].getUserDataConstraint() != null) { transport = s[i].getUserDataConstraint().getTransportGuarantee(); } WebResourceCollection[] collection = s[i].getWebResourceCollection(); for (int j = 0; j < collection.length; j++) { String[] methods = collection[j].getHttpMethod(); String[] patterns = collection[j].getUrlPattern(); for (int k = 0; k < patterns.length; k++) { URLPattern pattern = (URLPattern) currentPatterns.get(patterns[k]); if (pattern == null) { pattern = new URLPattern(patterns[k]); currentPatterns.put(patterns[k], pattern); } URLPattern allPattern = (URLPattern) allMap.get(patterns[k]); if (allPattern == null) { allPattern = new URLPattern(patterns[k]); allSet.add(allPattern); allMap.put(patterns[k], allPattern); } for (int l = 0; l < methods.length; l++) { pattern.addMethod(methods[l]); allPattern.addMethod(methods[l]); } if (methods.length == 0) { pattern.addMethod(""); allPattern.addMethod(""); } if (currentPatterns == rolesPatterns) { String[] roles = s[i].getAuthConstraint().getRoleName(); for (int l = 0; l < roles.length; l++) { if (roles[l].equals("*")) { pattern.addAllRoles(securityRoles); } else { pattern.addRole(roles[l]); } } } pattern.setTransport(transport); } } } try { /** * */ Iterator iter = excludedPatterns.keySet().iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next()); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getMethods(); configuration.addToExcludedPolicy(new WebResourcePermission(name, actions)); configuration.addToExcludedPolicy(new WebUserDataPermission(name, actions)); } /** * */ iter = rolesPatterns.keySet().iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next()); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getMethods(); WebResourcePermission permission = new WebResourcePermission(name, actions); Iterator names = pattern.getRoles().iterator(); while (names.hasNext()) { configuration.addToRole((String) names.next(), permission); } } /** * */ iter = uncheckedPatterns.keySet().iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next()); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getMethods(); configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions)); } /** * */ iter = rolesPatterns.keySet().iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next()); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getMethodsWithTransport(); configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions)); } iter = uncheckedPatterns.keySet().iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next()); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getMethodsWithTransport(); configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions)); } /** * A WebResourcePermission and a WebUserDataPermission must be instantiated for * each url-pattern in the deployment descriptor and the default pattern "/", that is not combined * by the web-resource-collection elements of the deployment descriptor with ever HTTP method * value. The permission objects must be contructed using the qualified pattern as their name and with * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern. * The resulting permissions that must be added to the unchecked policy statements by calling the * addToUncheckedPolcy method on the PolicyConfiguration object. */ iter = allSet.iterator(); while (iter.hasNext()) { URLPattern pattern = (URLPattern) iter.next(); String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getComplementedMethods(); if (actions.length() == 0) continue; configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions)); configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions)); } URLPattern pattern = new URLPattern("/"); if (!allSet.contains(pattern)) { String name = pattern.getQualifiedPattern(allSet); String actions = pattern.getComplementedMethods(); configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions)); configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions)); } } catch (PolicyContextException e) { throw new GeronimoSecurityException(e); } } public static void configure(PolicyConfiguration configuration, EjbJar ejbJar) throws GeronimoSecurityException { EnterpriseBeans enterpriseBeans = ejbJar.getEnterpriseBeans(); Entity[] entityBeans = enterpriseBeans.getEntity(); Session[] sessionBeans = enterpriseBeans.getSession(); AssemblyDescriptor assemblyDescriptor = ejbJar.getAssemblyDescriptor(); MethodPermission[] methodPermissions = assemblyDescriptor.getMethodPermission(); ExcludeList excludeList = assemblyDescriptor.getExcludeList(); /** * Section 3.1.5.1 */ for (int i = 0; i < methodPermissions.length; i++) { MethodPermission methodPermission = methodPermissions[i]; Method[] methods = methodPermission.getMethod(); for (int j = 0; j < methods.length; j++) { Method method = methods[j]; EJBMethodPermission permission = new EJBMethodPermission(method.getEjbName(), method.getMethodName(), method.getMethodIntf(), method.getMethodParam()); try { if (methodPermission.isUnchecked()) { configuration.addToUncheckedPolicy(permission); } else { String[] roleNames = methodPermission.getRoleName(); for (int k = 0; k < roleNames.length; k++) { configuration.addToRole(roleNames[k], permission); } } } catch (PolicyContextException e) { throw new GeronimoSecurityException(e); } } } /** * Section 3.1.5.2 */ Method[] methods = excludeList.getMethod(); try { for (int i = 0; i < methods.length; i++) { EJBMethodPermission permission = new EJBMethodPermission(methods[i].getEjbName(), methods[i].getMethodName(), methods[i].getMethodIntf(), methods[i].getMethodParam()); configuration.addToExcludedPolicy(permission); } } catch (PolicyContextException e) { throw new GeronimoSecurityException(e); } /** * Section 3.1.5.3 */ for (int i = 0; i < entityBeans.length; i++) { translateSecurityRoleRefs(configuration, entityBeans[i]); } for (int i = 0; i < sessionBeans.length; i++) { translateSecurityRoleRefs(configuration, sessionBeans[i]); } } private static void translateSecurityRoleRefs(PolicyConfiguration configuration, RpcBean bean) throws GeronimoSecurityException { try { SecurityRoleRef[] roleRefs = bean.getSecurityRoleRef(); for (int i = 0; i < roleRefs.length; i++) { String roleName = roleRefs[i].getRoleName(); String roleLink = roleRefs[i].getRoleLink(); configuration.addToRole(roleLink, new EJBRoleRefPermission(bean.getEJBName(), roleName)); } } catch (PolicyContextException e) { throw new GeronimoSecurityException(e); } } } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPattern.java Index: URLPattern.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact apache@apache.org. * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . * * ==================================================================== */ package org.apache.geronimo.security.util; import java.util.HashSet; import java.util.Iterator; import java.util.Collection; /** * Utility class for WebModuleConfiguration. This class is used to generate qualified patterns, HTTP * method sets, complements of HTTP method sets, and HTTP method sets w/ transport restrictions for URL patterns that * are found in the web deployment descriptor. * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $ * @see org.apache.geronimo.security.WebModuleConfiguration */ class URLPattern { private final static String[] HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}; private final static int[] HTTP_MASKS = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40}; private final static int NA = 0x00; private final static int INTEGRAL = 0x01; private final static int CONFIDENTIAL = 0x02; private URLPatternCheck type; private String pattern; private int mask; private int transport; private HashSet roles = new HashSet(); /** * Construct an instance of the utility class for WebModuleConfiguration. * @param pat the URL pattern that this instance is to collect information on * @see org.apache.geronimo.security.WebModuleConfiguration * @see "JSR 115, section 3.1.3" Translating Servlet Deployment Descriptors */ URLPattern(String pat) { if (pat == null) throw new java.lang.IllegalArgumentException("URL pattern cannot be null"); if (pat.length() == 0) throw new java.lang.IllegalArgumentException("URL pattern cannot be empty"); if (pat.equals("/") || pat.equals("/*")) { type = DEFAULT; } else if (pat.charAt(0) == '/' && pat.endsWith("/*")) { type = PATH_PREFIX; } else if (pat.charAt(0) == '*') { type = EXTENSION; } else { type = EXACT; } pattern = pat; } /** * Get a qualifed URL pattern relative to a particular set of URL patterns. This algorithm is described in * JSR 115, section 3.1.3.1 "Qualified URL Pattern Names". * @param patterns the set of possible URL patterns that could be used to qualify this pattern * @return a qualifed URL pattern */ String getQualifiedPattern(HashSet patterns) { if (type == EXACT) { return pattern; } else { HashSet bucket = new HashSet(); StringBuffer result = new StringBuffer(pattern); Iterator iter = patterns.iterator(); // Collect a set of qualifying patterns, depending on the type of this pattern. while (iter.hasNext()) { URLPattern p = (URLPattern) iter.next(); if (type.check(this, p)) { bucket.add(p.pattern); } } // append the set of qualifying patterns iter = bucket.iterator(); while (iter.hasNext()) { result.append(':'); result.append((String) iter.next()); } return result.toString(); } } /** * Add a method to the union of HTTP methods associated with this URL pattern. An empty string is short hand for * the set of all HTTP methods. * @param method the HTTP method to be added to the set. */ void addMethod(String method) { if (method.length() == 0) { mask = 0xFF; return; } boolean found = false; for (int j = 0; j < HTTP_METHODS.length; j++) { if (method.equals(HTTP_METHODS[j])) { mask |= HTTP_MASKS[j]; found = true; break; } } if (!found) throw new IllegalArgumentException("Invalid HTTP method"); } /** * Return the set of HTTP methods that have been associated with this URL pattern. * @return a set of HTTP methods */ String getMethods() { StringBuffer buffer = null; for (int i = 0; i < HTTP_MASKS.length; i++) { if ((mask & HTTP_MASKS[i]) > 0) { if (buffer == null) { buffer = new StringBuffer(); } else { buffer.append(","); } buffer.append(HTTP_METHODS[i]); } } return (buffer == null ? "" : buffer.toString()); } String getComplementedMethods() { StringBuffer buffer = null; for (int i = 0; i < HTTP_MASKS.length; i++) { if ((mask & HTTP_MASKS[i]) == 0) { if (buffer == null) { buffer = new StringBuffer(); } else { buffer.append(","); } buffer.append(HTTP_METHODS[i]); } } return (buffer == null ? "" : buffer.toString()); } String getMethodsWithTransport() { StringBuffer buffer = new StringBuffer(getMethods()); if (transport != NA) { buffer.append(":"); if (transport != 0x03) { if (transport == INTEGRAL) { buffer.append("INTEGRAL"); } else { buffer.append("CONFIDENTIAL"); } } } return buffer.toString(); } void setTransport(String trans) { switch (transport) { case NA: { if ("INTEGRAL".equals(trans)) { transport = INTEGRAL; } else if ("CONFIDENTIAL".equals(trans)) { transport = CONFIDENTIAL; } break; } case INTEGRAL: { if ("CONFIDENTIAL".equals(trans)) { transport = CONFIDENTIAL; } break; } } } void addRole(String role) { roles.add(role); } void addAllRoles(Collection collection) { roles.addAll(collection); } HashSet getRoles() { return roles; } public boolean equals(Object obj) { if (!(obj instanceof URLPattern)) return false; URLPattern test = (URLPattern) obj; return pattern.equals(test.pattern); } public int hashCode() { return pattern.hashCode(); } boolean matches(URLPattern p) { String test = p.pattern; // their pattern values are String equivalent if (pattern.equals(test)) return true; return type.matches(pattern, test); } private final static URLPatternCheck EXACT = new URLPatternCheck() { public boolean check(URLPattern base, URLPattern test) { return matches(base.pattern, test.pattern); } public boolean matches(String base, String test) { return base.equals(test); } }; private final static URLPatternCheck PATH_PREFIX = new URLPatternCheck() { public boolean check(URLPattern base, URLPattern test) { return ((test.type == PATH_PREFIX || test.type == EXACT) && base.matches(test) && !base.equals(test)); } /** * This pattern is a path-prefix pattern (that is, it starts with "/" and ends with "/*") and the argument * pattern starts with the substring of this pattern, minus its last 2 characters, and the next character of * the argument pattern, if there is one, is "/" * @param base the base pattern * @param test the pattern to be tested * @return true if test is matched by base */ public boolean matches(String base, String test) { int length = base.length() - 2; if (length > test.length()) return false; for (int i = 0; i < length; i++) { if (base.charAt(i) != test.charAt(i)) return false; } if (test.length() == length) return true; else if (test.charAt(length) != '/') return false; return true; } }; private final static URLPatternCheck EXTENSION = new URLPatternCheck() { public boolean check(URLPattern base, URLPattern test) { if (test.type == PATH_PREFIX) return true; if (test.type == EXACT) return matches(base.pattern, test.pattern); return false; } /** * This pattern is an extension pattern (that is, it startswith "*.") and the argument pattern ends with * this pattern. * @param base the base pattern * @param test the pattern to be tested * @return true if test is matched by base */ public boolean matches(String base, String test) { return test.endsWith(base.substring(1)); } }; private final static URLPatternCheck DEFAULT = new URLPatternCheck() { public boolean check(URLPattern base, URLPattern test) { return base.matches(test) && !base.equals(test); } /** * This pattern is the path-prefix pattern "/*" or the reference pattern is the special default pattern, * "/", which matches all argument patterns. * @param base the base pattern * @param test the pattern to be tested * @return true if test is matched by base * @see "JSR 115" */ public boolean matches(String base, String test) { return true; } }; } 1.1 incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPatternCheck.java Index: URLPatternCheck.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Geronimo" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact apache@apache.org. * * 5. Products derived from this software may not be called "Apache", * "Apache Geronimo", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . * * ==================================================================== */ package org.apache.geronimo.security.util; /** * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $ */ public abstract class URLPatternCheck { public abstract boolean check(URLPattern base, URLPattern test); public abstract boolean matches(String base, String test); }