Package javax.servlet.annotation

Examples of javax.servlet.annotation.ServletSecurity

1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
       
        if (ctxt.getIgnoreAnnotations()) {
            return;
        }

        ServletSecurity secAnnotation =
            clazz.getAnnotation(ServletSecurity.class);
        if (secAnnotation != null) {
            ctxt.addServletSecurity(
                    new ApplicationServletRegistration(this, ctxt),
                    new ServletSecurityElement(secAnnotation));
View Full Code Here
476
477
478
479
480
481
482
483
484
485
486
     */
    @Test
    public void testHttpConstraint() throws IOException {
        // Get the annotation from the test case
        Class<TesterServletSecurity01> clazz = TesterServletSecurity01.class;
        ServletSecurity servletSecurity =
                clazz.getAnnotation(ServletSecurity.class);

        // Convert the annotation into constraints
        ServletSecurityElement servletSecurityElement =
                new ServletSecurityElement(servletSecurity);
View Full Code Here
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
                String servletClassName = servlet.getServletClass().getStringValue();
                Class<?> cls = bundle.loadClass(servletClassName);
                if (!Servlet.class.isAssignableFrom(cls)) {
                    continue;
                }
                ServletSecurity servletSecurity = cls.getAnnotation(ServletSecurity.class);
                if (servletSecurity == null) {
                    continue;
                }
                Set<String> urlPatterns = servletClassNameUrlPatternsMap.get(servletClassName);
                if (urlPatterns == null || urlPatterns.isEmpty()) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("No url pattern for the servlet class " + servletClassName + " is found in the deployment plan, SecurityConstraint annotation is ignored");
                    }
                    continue;
                }
                HttpConstraint httpConstraint = servletSecurity.value();
                if (servletSecurity.httpMethodConstraints().length > 0) {
                    String[] omissionMethods = new String[servletSecurity.httpMethodConstraints().length];
                    int iIndex = 0;
                    for (HttpMethodConstraint httpMethodConstraint : servletSecurity.httpMethodConstraints()) {
                        //Generate a security-constraint for each HttpMethodConstraint
                        String httpMethod = httpMethodConstraint.value().trim();
                        omissionMethods[iIndex++] = httpMethod;
                        addNewHTTPMethodSecurityConstraint(annotationSecurityWebApp, httpMethodConstraint.rolesAllowed(), httpMethodConstraint.transportGuarantee(), httpMethodConstraint
                                .emptyRoleSemantic(), httpMethod, urlPatterns);
View Full Code Here
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
                String servletClassName = servlet.getServletClass().getStringValue();
                Class<?> cls = bundle.loadClass(servletClassName);
                if (!Servlet.class.isAssignableFrom(cls)) {
                    continue;
                }
                ServletSecurity servletSecurity = cls.getAnnotation(ServletSecurity.class);
                if (servletSecurity == null) {
                    continue;
                }
                if (servletSecurity.httpMethodConstraints().length > 0) {
                    for (HttpMethodConstraint httpMethodConstraint : servletSecurity.httpMethodConstraints()) {
                        String httpMethod = httpMethodConstraint.value();
                        if (httpMethod == null || httpMethod.trim().isEmpty()) {
                            throw new DeploymentException("HTTP protocol method could not be null or empty string in the ServletSecurity annotation of the class " + servletClassName);
                        }
                        httpMethod = httpMethod.trim();
                        if (!WebDeploymentValidationUtils.isValidHTTPMethod(httpMethod)) {
                            throw new DeploymentException("Invalid HTTP method value is found in the ServletSecurity annotation of the class " + servletClassName);
                        }
                    }
                } else {
                    HttpConstraint httpConstraint = servletSecurity.value();
                    if (httpConstraint.rolesAllowed().length > 0 && httpConstraint.value().equals(ServletSecurity.EmptyRoleSemantic.DENY)) {
                        throw new DeploymentException("EmptyRoleSemantic with value DENY is not allowed in combination with a non-empty rolesAllowed list in the class " + servletClassName);
                    }
                }
            }
View Full Code Here
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
        Set<String> urlPatterns = getUrlPatternsWithoutSecurityConstraint(webCompDesc);

        if (urlPatterns != null && urlPatterns.size() > 0) {
            WebBundleDescriptor webBundleDesc = webCompDesc.getWebBundleDescriptor();
            ServletSecurity servletSecurityAn = (ServletSecurity)ainfo.getAnnotation();
            HttpConstraint httpConstraint = servletSecurityAn.value();

            SecurityConstraint securityConstraint =
                    createSecurityConstraint(webBundleDesc,
                    urlPatterns, httpConstraint.rolesAllowed(),
                    httpConstraint.value(),
                    httpConstraint.transportGuarantee(),
                    null);

            // we know there is one WebResourceCollection there
            WebResourceCollection webResColl =
                    securityConstraint.getWebResourceCollections().iterator().next();
            HttpMethodConstraint[] httpMethodConstraints = servletSecurityAn.httpMethodConstraints();
            for (HttpMethodConstraint httpMethodConstraint : httpMethodConstraints) {
                String httpMethod = httpMethodConstraint.value();
                if (httpMethod == null || httpMethod.length() == 0) {
                    return getDefaultFailedResult();
                }
View Full Code Here
TOP

Related Classes of javax.servlet.annotation.ServletSecurity

  • com.caucho.server.webapp.WebApp
  • com.sun.enterprise.deployment.annotation.handlers.ServletSecurityHandler
  • com.sun.enterprise.web.DynamicWebServletRegistrationImpl
  • io.undertow.servlet.spec.ServletContextImpl$ReadServletAnnotationsTask
  • org.apache.catalina.core.StandardWrapper
  • org.apache.catalina.realm.TestRealmBase
  • org.apache.geronimo.web.security.SpecSecurityBuilder
  • org.apache.geronimo.web.security.WebSecurityConstraintStore
  • org.apache.geronimo.web25.deployment.merge.annotation.ServletSecurityAnnotationMergeHandler
  • org.eclipse.jetty.annotations.ServletSecurityAnnotationHandler
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.