SecurityConstraint (Apache Tomcat 8.0.53 API Documentation)

java.lang.Object
- org.apache.tomcat.util.descriptor.web.XmlEncodingBase
- - org.apache.tomcat.util.descriptor.web.SecurityConstraint

All Implemented Interfaces:

java.io.Serializable
```
public class SecurityConstraint
extends XmlEncodingBase
implements java.io.Serializable
```
Representation of a security constraint element for a web application, as represented in a <security-constraint> element in the deployment descriptor.
WARNING: It is assumed that instances of this class will be created and modified only within the context of a single thread, before the instance is made visible to the remainder of the application. After that, only read access is expected. Therefore, none of the read and write access within this class is synchronized.

Author:

Craig R. McClanahan

See Also:
Serialized Form

Field Summary

Fields
Modifier and Type Field and Description

static java.lang.String ROLE_ALL_AUTHENTICATED_USERS

static java.lang.String ROLE_ALL_ROLES

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`ROLE_ALL_AUTHENTICATED_USERS`
`static java.lang.String`	`ROLE_ALL_ROLES`

Constructor Summary

Constructors
Constructor and Description

SecurityConstraint()
Construct a new security constraint instance with default values.

Constructors
Constructor and Description
`SecurityConstraint()` Construct a new security constraint instance with default values.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addAuthRole(java.lang.String authRole)` Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.
`void`	`addCollection(SecurityCollection collection)` Add a new web resource collection to those protected by this security constraint.
`static SecurityConstraint[]`	`createConstraints(ServletSecurityElement element, java.lang.String urlPattern)` Convert a `ServletSecurityElement` to an array of `SecurityConstraint`(s).
`boolean`	`findAuthRole(java.lang.String role)` Return `true` if the specified role is permitted access to the resources protected by this security constraint.
`java.lang.String[]`	`findAuthRoles()` Return the set of roles that are permitted access to the resources protected by this security constraint.
`SecurityCollection`	`findCollection(java.lang.String name)` Return the web resource collection for the specified name, if any; otherwise, return `null`.
`SecurityCollection[]`	`findCollections()` Return all of the web resource collections protected by this security constraint.
`static SecurityConstraint[]`	`findUncoveredHttpMethods(SecurityConstraint[] constraints, boolean denyUncoveredHttpMethods, Log log)`
`boolean`	`getAllRoles()` Was the "all roles" wildcard included in this authentication constraint?
`boolean`	`getAuthConstraint()` Return the authorization constraint present flag for this security constraint.
`boolean`	`getAuthenticatedUsers()` Was the "all authenticated users" wildcard included in this authentication constraint?
`java.lang.String`	`getDisplayName()` Return the display name of this security constraint.
`java.lang.String`	`getUserConstraint()` Return the user data constraint for this security constraint.
`boolean`	`included(java.lang.String uri, java.lang.String method)` Return `true` if the specified context-relative URI (and associated HTTP method) are protected by this security constraint.
`void`	`removeAuthRole(java.lang.String authRole)` Remove the specified role from the set of roles permitted to access the resources protected by this security constraint.
`void`	`removeCollection(SecurityCollection collection)` Remove the specified web resource collection from those protected by this security constraint.
`void`	`setAuthConstraint(boolean authConstraint)` Set the authorization constraint present flag for this security constraint.
`void`	`setDisplayName(java.lang.String displayName)` Set the display name of this security constraint.
`void`	`setUserConstraint(java.lang.String userConstraint)` Set the user data constraint for this security constraint.
`java.lang.String`	`toString()` Return a String representation of this security constraint.
`void`	`treatAllAuthenticatedUsersAsApplicationRole()` Called in the unlikely event that an application defines a role named "**".

Methods inherited from class org.apache.tomcat.util.descriptor.web.XmlEncodingBase
getEncoding, setEncoding

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - ROLE_ALL_ROLES
```
public static final java.lang.String ROLE_ALL_ROLES
```
    See Also:
    Constant Field Values
  - ROLE_ALL_AUTHENTICATED_USERS
```
public static final java.lang.String ROLE_ALL_AUTHENTICATED_USERS
```
    See Also:
    Constant Field Values
- Constructor Detail
  - SecurityConstraint
```
public SecurityConstraint()
```
    Construct a new security constraint instance with default values.
- Method Detail
  - getAllRoles
```
public boolean getAllRoles()
```
    Was the "all roles" wildcard included in this authentication constraint?
  - getAuthenticatedUsers
```
public boolean getAuthenticatedUsers()
```
    Was the "all authenticated users" wildcard included in this authentication constraint?
  - getAuthConstraint
```
public boolean getAuthConstraint()
```
    Return the authorization constraint present flag for this security constraint.
  - setAuthConstraint
```
public void setAuthConstraint(boolean authConstraint)
```
    Set the authorization constraint present flag for this security constraint.
  - getDisplayName
```
public java.lang.String getDisplayName()
```
    Return the display name of this security constraint.
  - setDisplayName
```
public void setDisplayName(java.lang.String displayName)
```
    Set the display name of this security constraint.
  - getUserConstraint
```
public java.lang.String getUserConstraint()
```
    Return the user data constraint for this security constraint.
  - setUserConstraint
```
public void setUserConstraint(java.lang.String userConstraint)
```
    Set the user data constraint for this security constraint.
    
    Parameters:
    userConstraint - The new user data constraint
  - treatAllAuthenticatedUsersAsApplicationRole
```
public void treatAllAuthenticatedUsersAsApplicationRole()
```
    Called in the unlikely event that an application defines a role named "**".
  - addAuthRole
```
public void addAuthRole(java.lang.String authRole)
```
    Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.
    
    Parameters:
    authRole - Role name to be added
  - addCollection
```
public void addCollection(SecurityCollection collection)
```
    Add a new web resource collection to those protected by this security constraint.
    
    Parameters:
    collection - The new web resource collection
  - findAuthRole
```
public boolean findAuthRole(java.lang.String role)
```
    Return true if the specified role is permitted access to the resources protected by this security constraint.
    
    Parameters:
    role - Role name to be checked
  - findAuthRoles
```
public java.lang.String[] findAuthRoles()
```
    Return the set of roles that are permitted access to the resources protected by this security constraint. If none have been defined, a zero-length array is returned (which implies that all authenticated users are permitted access).
  - findCollection
```
public SecurityCollection findCollection(java.lang.String name)
```
    Return the web resource collection for the specified name, if any; otherwise, return null.
    
    Parameters:
    name - Web resource collection name to return
  - findCollections
```
public SecurityCollection[] findCollections()
```
    Return all of the web resource collections protected by this security constraint. If there are none, a zero-length array is returned.
  - included
```
public boolean included(java.lang.String uri,
               java.lang.String method)
```
    Return true if the specified context-relative URI (and associated HTTP method) are protected by this security constraint.
    
    Parameters:
    uri - Context-relative URI to check
    method - Request method being used
  - removeAuthRole
```
public void removeAuthRole(java.lang.String authRole)
```
    Remove the specified role from the set of roles permitted to access the resources protected by this security constraint.
    
    Parameters:
    authRole - Role name to be removed
  - removeCollection
```
public void removeCollection(SecurityCollection collection)
```
    Remove the specified web resource collection from those protected by this security constraint.
    
    Parameters:
    collection - Web resource collection to be removed
  - toString
```
public java.lang.String toString()
```
    Return a String representation of this security constraint.
    
    Overrides:
    
    toString in class java.lang.Object
  - createConstraints
```
public static SecurityConstraint[] createConstraints(ServletSecurityElement element,
                                     java.lang.String urlPattern)
```
    Convert a ServletSecurityElement to an array of SecurityConstraint(s).
    
    Parameters:
    element - The element to be converted
    urlPattern - The url pattern that the element should be applied to
    
    Returns:
    The (possibly zero length) array of constraints that are the equivalent to the input
  - findUncoveredHttpMethods
```
public static SecurityConstraint[] findUncoveredHttpMethods(SecurityConstraint[] constraints,
                                            boolean denyUncoveredHttpMethods,
                                            Log log)
```

Class SecurityConstraint

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.tomcat.util.descriptor.web.XmlEncodingBase

Methods inherited from class java.lang.Object

Field Detail

ROLE_ALL_ROLES

ROLE_ALL_AUTHENTICATED_USERS

Constructor Detail

SecurityConstraint

Method Detail

getAllRoles

getAuthenticatedUsers

getAuthConstraint

setAuthConstraint

getDisplayName

setDisplayName

getUserConstraint

setUserConstraint

treatAllAuthenticatedUsersAsApplicationRole

addAuthRole

addCollection

findAuthRole

findAuthRoles

findCollection

findCollections

included

removeAuthRole

removeCollection

toString

createConstraints

findUncoveredHttpMethods