Class SecurityConstraint
java.lang.Object
org.apache.tomcat.util.descriptor.web.XmlEncodingBase
org.apache.tomcat.util.descriptor.web.SecurityConstraint
- All Implemented Interfaces:
Serializable
Representation of a security constraint element for a web application,
as represented in a
<security-constraint>
element in the
deployment descriptor.
WARNING: It is assumed that instances of this class will be created and modified only within the context of a single thread, before the instance is made visible to the remainder of the application. After that, only read access is expected. Therefore, none of the read and write access within this class is synchronized.
- Author:
- Craig R. McClanahan
- See Also:
-
Field Summary
-
Constructor Summary
ConstructorDescriptionConstruct a new security constraint instance with default values. -
Method Summary
Modifier and TypeMethodDescriptionvoid
addAuthRole
(String authRole) Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.void
addCollection
(SecurityCollection collection) Add a new web resource collection to those protected by this security constraint.static SecurityConstraint[]
createConstraints
(ServletSecurityElement element, String urlPattern) Convert aServletSecurityElement
to an array ofSecurityConstraint
(s).boolean
findAuthRole
(String role) Check a role.String[]
Return the set of roles that are permitted access to the resources protected by this security constraint.findCollection
(String name) Return the web resource collection for the specified name, if any; otherwise, returnnull
.Return all of the web resource collections protected by this security constraint.static SecurityConstraint[]
findUncoveredHttpMethods
(SecurityConstraint[] constraints, boolean denyUncoveredHttpMethods, Log log) boolean
Was the "all roles" wildcard included in this authentication constraint?boolean
Return the authorization constraint present flag for this security constraint.boolean
Was the "all authenticated users" wildcard included in this authentication constraint?Return the user data constraint for this security constraint.boolean
Check if the constraint applies to a URI and method.void
removeAuthRole
(String authRole) Remove the specified role from the set of roles permitted to access the resources protected by this security constraint.void
removeCollection
(SecurityCollection collection) Remove the specified web resource collection from those protected by this security constraint.void
setAuthConstraint
(boolean authConstraint) Set the authorization constraint present flag for this security constraint.void
setCharset
(Charset charset) void
setDisplayName
(String displayName) Set the display name of this security constraint.void
setUserConstraint
(String userConstraint) Set the user data constraint for this security constraint.toString()
Return a String representation of this security constraint.void
Called in the unlikely event that an application defines a role named "**".Methods inherited from class org.apache.tomcat.util.descriptor.web.XmlEncodingBase
getCharset
-
Field Details
-
ROLE_ALL_ROLES
- See Also:
-
ROLE_ALL_AUTHENTICATED_USERS
- See Also:
-
-
Constructor Details
-
SecurityConstraint
public SecurityConstraint()Construct a new security constraint instance with default values.
-
-
Method Details
-
getAllRoles
public boolean getAllRoles()Was the "all roles" wildcard included in this authentication constraint?- Returns:
true
if all roles
-
getAuthenticatedUsers
public boolean getAuthenticatedUsers()Was the "all authenticated users" wildcard included in this authentication constraint?- Returns:
true
if all authenticated users
-
getAuthConstraint
public boolean getAuthConstraint()Return the authorization constraint present flag for this security constraint.- Returns:
true
if this needs authorization
-
setAuthConstraint
public void setAuthConstraint(boolean authConstraint) Set the authorization constraint present flag for this security constraint.- Parameters:
authConstraint
- The new value
-
getDisplayName
- Returns:
- the display name of this security constraint.
-
setDisplayName
Set the display name of this security constraint.- Parameters:
displayName
- The new value
-
getUserConstraint
Return the user data constraint for this security constraint.- Returns:
- the user constraint
-
setUserConstraint
Set the user data constraint for this security constraint.- Parameters:
userConstraint
- The new user data constraint
-
treatAllAuthenticatedUsersAsApplicationRole
public void treatAllAuthenticatedUsersAsApplicationRole()Called in the unlikely event that an application defines a role named "**". -
addAuthRole
Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.- Parameters:
authRole
- Role name to be added
-
setCharset
- Overrides:
setCharset
in classXmlEncodingBase
-
addCollection
Add a new web resource collection to those protected by this security constraint.- Parameters:
collection
- The new web resource collection
-
findAuthRole
Check a role.- Parameters:
role
- Role name to be checked- Returns:
true
if the specified role is permitted access to the resources protected by this security constraint.
-
findAuthRoles
Return the set of roles that are permitted access to the resources protected by this security constraint. If none have been defined, a zero-length array is returned (which implies that all authenticated users are permitted access).- Returns:
- the roles array
-
findCollection
Return the web resource collection for the specified name, if any; otherwise, returnnull
.- Parameters:
name
- Web resource collection name to return- Returns:
- the collection
-
findCollections
Return all of the web resource collections protected by this security constraint. If there are none, a zero-length array is returned.- Returns:
- the collections array
-
included
Check if the constraint applies to a URI and method.- Parameters:
uri
- Context-relative URI to checkmethod
- Request method being used- Returns:
true
if the specified context-relative URI (and associated HTTP method) are protected by this security constraint.
-
removeAuthRole
Remove the specified role from the set of roles permitted to access the resources protected by this security constraint.- Parameters:
authRole
- Role name to be removed
-
removeCollection
Remove the specified web resource collection from those protected by this security constraint.- Parameters:
collection
- Web resource collection to be removed
-
toString
Return a String representation of this security constraint. -
createConstraints
public static SecurityConstraint[] createConstraints(ServletSecurityElement element, String urlPattern) Convert aServletSecurityElement
to an array ofSecurityConstraint
(s).- Parameters:
element
- The element to be convertedurlPattern
- The url pattern that the element should be applied to- Returns:
- The (possibly zero length) array of constraints that are the equivalent to the input
-
findUncoveredHttpMethods
public static SecurityConstraint[] findUncoveredHttpMethods(SecurityConstraint[] constraints, boolean denyUncoveredHttpMethods, Log log)
-