geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xuhaih...@apache.org
Subject svn commit: r934665 - in /geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment: merge/annotation/ security/
Date Fri, 16 Apr 2010 01:55:33 GMT
Author: xuhaihong
Date: Fri Apr 16 01:55:32 2010
New Revision: 934665

URL: http://svn.apache.org/viewvc?rev=934665&view=rev
Log:
Support omissionHttpMethod configuration in security-constraint imported in servlet 3.0

Modified:
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
    geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
(original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/merge/annotation/ServletSecurityAnnotationMergeHandler.java
Fri Apr 16 01:55:32 2010
@@ -31,6 +31,7 @@ import javax.servlet.annotation.ServletS
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.web25.deployment.merge.MergeContext;
 import org.apache.geronimo.web25.deployment.merge.webfragment.ServletMappingMergeHandler;
+import org.apache.geronimo.web25.deployment.security.HTTPMethods;
 import org.apache.geronimo.xbeans.javaee6.AuthConstraintType;
 import org.apache.geronimo.xbeans.javaee6.SecurityConstraintType;
 import org.apache.geronimo.xbeans.javaee6.ServletMappingType;
@@ -49,18 +50,6 @@ public class ServletSecurityAnnotationMe
 
     private static final Logger logger = LoggerFactory.getLogger(ServletSecurityAnnotationMergeHandler.class);
 
-    public static final Set<String> SUPPORTED_HTTP_METHODS = new HashSet<String>();
-    static {
-        SUPPORTED_HTTP_METHODS.add("OPTIONS");
-        SUPPORTED_HTTP_METHODS.add("GET");
-        SUPPORTED_HTTP_METHODS.add("HEAD");
-        SUPPORTED_HTTP_METHODS.add("POST");
-        SUPPORTED_HTTP_METHODS.add("PUT");
-        SUPPORTED_HTTP_METHODS.add("DELETE");
-        SUPPORTED_HTTP_METHODS.add("TRACE");
-        SUPPORTED_HTTP_METHODS.add("CONNECT");
-    }
-
     @Override
     public void merge(Class<?>[] classes, WebAppType webApp, MergeContext mergeContext)
throws DeploymentException {
     }
@@ -177,18 +166,12 @@ public class ServletSecurityAnnotationMe
         return securityConstraint;
     }
 
-    private void addSecurityConstraintHttpMethod(SecurityConstraintType securityConstraint,
String httpMethod) {
-        WebResourceCollectionType webResourceCollection = securityConstraint.getWebResourceCollectionArray().length
== 0 ? securityConstraint.addNewWebResourceCollection() : securityConstraint
-                .getWebResourceCollectionArray(0);
-        webResourceCollection.addNewHttpMethod().setStringValue(httpMethod);
-    }
-
     private String normalizeHTTPMethod(String servletClassName, String httpMethod) throws
DeploymentException {
         if (httpMethod == null || httpMethod.isEmpty()) {
             throw new DeploymentException("HTTP protocol method could not be null or empty
string in the ServletSecurity anntation of the class " + servletClassName);
         }
         httpMethod = httpMethod.toUpperCase();
-        if (!SUPPORTED_HTTP_METHODS.contains(httpMethod)) {
+        if (!HTTPMethods.SUPPORTED_HTTP_METHODS.contains(httpMethod)) {
             throw new DeploymentException("Invalid HTTP protocol method " + httpMethod +
" in the ServletSecurity annotation of the class " + servletClassName);
         }
         return httpMethod;

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
(original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/HTTPMethods.java
Fri Apr 16 01:55:32 2010
@@ -20,6 +20,7 @@
 
 package org.apache.geronimo.web25.deployment.security;
 
+import java.util.Collections;
 import java.util.Set;
 import java.util.HashSet;
 import java.util.regex.Pattern;
@@ -30,6 +31,21 @@ import java.util.regex.Pattern;
  * @version $Rev$ $Date$
  */
 public class HTTPMethods {
+
+    public static final Set<String> SUPPORTED_HTTP_METHODS;
+    static {
+        Set<String> supportedHttpMethods = new HashSet<String>();
+        supportedHttpMethods.add("OPTIONS");
+        supportedHttpMethods.add("GET");
+        supportedHttpMethods.add("HEAD");
+        supportedHttpMethods.add("POST");
+        supportedHttpMethods.add("PUT");
+        supportedHttpMethods.add("DELETE");
+        supportedHttpMethods.add("TRACE");
+        //supportedHttpMethods.add("CONNECT");
+        SUPPORTED_HTTP_METHODS = Collections.unmodifiableSet(supportedHttpMethods);
+    }
+
     private static final Pattern TOKEN_PATTERN = Pattern.compile("[!-~&&[^\\(\\)\\<\\>@,;:\\\\\"/\\[\\]\\?=\\{\\}]]*");
 
     private final Set<String> methods = new HashSet<String>();

Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java?rev=934665&r1=934664&r2=934665&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
(original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web-2.5-builder/src/main/java/org/apache/geronimo/web25/deployment/security/SpecSecurityBuilder.java
Fri Apr 16 01:55:32 2010
@@ -118,10 +118,8 @@ public class SpecSecurityBuilder {
                     }
 
                     String[] httpMethodTypeArray = webResourceCollectionType.getHttpMethodArray();
-                    if (httpMethodTypeArray.length == 0) {
-                        pattern.addMethod("");
-                        allPattern.addMethod("");
-                    } else {
+                    String[] omissionHttpMethods = webResourceCollectionType.getHttpMethodOmissionArray();
+                    if (httpMethodTypeArray.length > 0) {
                         for (String aHttpMethodTypeArray : httpMethodTypeArray) {
                             String method = (aHttpMethodTypeArray == null ? null : aHttpMethodTypeArray.trim());
                             if (method != null) {
@@ -129,7 +127,23 @@ public class SpecSecurityBuilder {
                                 allPattern.addMethod(method);
                             }
                         }
+                    } else if (omissionHttpMethods.length > 0) {
+                        Set<String> httpMethods = new HashSet<String>(HTTPMethods.SUPPORTED_HTTP_METHODS);
+                        for (String omissionHttpMethod : omissionHttpMethods) {
+                            String nomalizedOmissionHttpMethod = omissionHttpMethod == null
? null : omissionHttpMethod.trim().toUpperCase();
+                            if (nomalizedOmissionHttpMethod != null) {
+                                httpMethods.remove(nomalizedOmissionHttpMethod);
+                            }
+                        }
+                        for (String httpMethod : httpMethods) {
+                            pattern.addMethod(httpMethod);
+                            allPattern.addMethod(httpMethod);
+                        }
+                    } else {
+                        pattern.addMethod("");
+                        allPattern.addMethod("");
                     }
+
                     if (currentPatterns == rolesPatterns) {
                         RoleNameType[] roleNameTypeArray = securityConstraintType.getAuthConstraint().getRoleNameArray();
                         for (RoleNameType roleNameType : roleNameTypeArray) {



Mime
View raw message