001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.metadata;
023:
024: import java.util.HashMap;
025: import java.util.HashSet;
026: import java.util.Set;
027: import java.util.ArrayList;
028: import java.util.Collections;
029: import java.util.TreeSet;
030:
031: /** Encapsulation of the web.xml security-constraints
032: *
033: * @author Scott.Stark@jboss.org
034: * @version $Revison:$
035: */
036: public class WebSecurityMetaData {
037: /** The set of all http methods: DELETE, GET, HEAD, OPTIONS, POST, PUT, TRACE */
038: public static final Set ALL_HTTP_METHODS;
039: public static final String[] ALL_HTTP_METHOD_NAMES;
040:
041: static {
042: TreeSet tmp = new TreeSet();
043: tmp.add("GET");
044: tmp.add("POST");
045: tmp.add("PUT");
046: tmp.add("DELETE");
047: tmp.add("HEAD");
048: tmp.add("OPTIONS");
049: tmp.add("TRACE");
050: ALL_HTTP_METHODS = Collections.unmodifiableSortedSet(tmp);
051: ALL_HTTP_METHOD_NAMES = new String[ALL_HTTP_METHODS.size()];
052: ALL_HTTP_METHODS.toArray(ALL_HTTP_METHOD_NAMES);
053: }
054:
055: /** The HashMap<String, WebResourceCollection> for the
056: * security-constraint/web-resource-collection elements
057: */
058: private HashMap webResources = new HashMap();
059: /** Set<String> of the allowed role names defined by the
060: * security-constraint/auth-constraint elements
061: */
062: private Set roles = new HashSet();
063:
064: /** The optional security-constraint/user-data-constraint/transport-guarantee */
065: private String transportGuarantee;
066: /** The unchecked flag is set when there is no security-constraint/auth-constraint
067: */
068: private boolean unchecked = false;
069: /** The excluded flag is set when there is an empty
070: security-constraint/auth-constraint element
071: */
072: private boolean excluded = false;
073:
074: public static String[] getMissingHttpMethods(HashSet httpMethods) {
075: String[] methods = {};
076: if (httpMethods.size() > 0
077: && httpMethods.containsAll(ALL_HTTP_METHODS) == false) {
078: HashSet missingMethods = new HashSet(ALL_HTTP_METHODS);
079: missingMethods.removeAll(httpMethods);
080: methods = new String[missingMethods.size()];
081: missingMethods.toArray(methods);
082: }
083: return methods;
084: }
085:
086: public WebResourceCollection addWebResource(String name) {
087: WebResourceCollection webrc = new WebResourceCollection(name);
088: if (webResources.containsKey(name) == true) {
089: // A non-unique name, unique it
090: name = name + '@' + System.identityHashCode(webrc);
091: }
092: webResources.put(name, webrc);
093: return webrc;
094: }
095:
096: public HashMap getWebResources() {
097: return webResources;
098: }
099:
100: public void addRole(String name) {
101: roles.add(name);
102: }
103:
104: /** Get the security-constraint/auth-constraint values. An empty role
105: * set must be qualified by the isUnchecked and isExcluded methods.
106: *
107: * @return Set<String> for the role names
108: */
109: public Set getRoles() {
110: return roles;
111: }
112:
113: /** Get the security-constraint/transport-guarantee setting
114: @return null == no guarantees
115: INTEGRAL == an integretity guarantee
116: CONFIDENTIAL == protected for confidentiality
117: */
118: public String getTransportGuarantee() {
119: return transportGuarantee;
120: }
121:
122: public void setTransportGuarantee(String transportGuarantee) {
123: this .transportGuarantee = transportGuarantee;
124: }
125:
126: public boolean isUnchecked() {
127: return unchecked;
128: }
129:
130: public void setUnchecked(boolean flag) {
131: this .unchecked = flag;
132: }
133:
134: public boolean isExcluded() {
135: return excluded;
136: }
137:
138: public void setExcluded(boolean flag) {
139: this .excluded = flag;
140: }
141:
142: /** The security-constraint/web-resource-collection child element container
143: *
144: */
145: public static class WebResourceCollection {
146: /** The required web-resource-name element */
147: private String name;
148: /** The required url-pattern element(s) */
149: private HashSet urlPatterns = new HashSet();
150: /** The optional http-method element(s) */
151: private ArrayList httpMethods = new ArrayList();
152:
153: public WebResourceCollection(String name) {
154: this .name = name;
155: }
156:
157: public String getName() {
158: return name;
159: }
160:
161: public void addPattern(String pattern) {
162: urlPatterns.add(pattern);
163: }
164:
165: /** Get the url-patterns specified in the resource collection.
166: * @return
167: */
168: public String[] getUrlPatterns() {
169: String[] patterns = {};
170: patterns = new String[urlPatterns.size()];
171: urlPatterns.toArray(patterns);
172: return patterns;
173: }
174:
175: public void addHttpMethod(String method) {
176: httpMethods.add(method);
177: }
178:
179: /** The optional security-constraint/web-resource-collection/http-method
180: @return empty for all methods, a subset of GET, POST, PUT, DELETE,
181: HEAD, OPTIONS, TRACE otherwise
182: */
183: public String[] getHttpMethods() {
184: String[] methods = {};
185: if (httpMethods.containsAll(ALL_HTTP_METHODS) == false) {
186: methods = new String[httpMethods.size()];
187: httpMethods.toArray(methods);
188: }
189: return methods;
190: }
191:
192: /** Return the http methods that were not specified in the collection.
193: If there were a subset of the ALL_HTTP_METHODS given, then this
194: method returns the ALL_HTTP_METHODS - the subset. If no or all
195: ALL_HTTP_METHODS were specified this return an empty array.
196: @return empty for all methods, a subset of GET, POST, PUT, DELETE,
197: HEAD, OPTIONS, TRACE otherwise
198: */
199: public String[] getMissingHttpMethods() {
200: String[] methods = {};
201: if (httpMethods.size() > 0
202: && httpMethods.containsAll(ALL_HTTP_METHODS) == false) {
203: HashSet missingMethods = new HashSet(ALL_HTTP_METHODS);
204: missingMethods.removeAll(httpMethods);
205: methods = new String[missingMethods.size()];
206: missingMethods.toArray(methods);
207: }
208: return methods;
209: }
210: }
211: }
|