Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package io.undertow.servlet.handlers.security;
  
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.List;
  import java.util.Map;
  import java.util.Set;
 

Author(s):
Stuart Douglas
 
 public class SecurityPathMatches {
 
     private final boolean denyUncoveredHttpMethods;
 
     private SecurityPathMatches(final boolean denyUncoveredHttpMethodsfinal PathSecurityInformation defaultPathSecurityInformationfinal Map<StringPathSecurityInformationexactPathRoleInformationfinal Map<StringPathSecurityInformationprefixPathRoleInformationfinal Map<StringPathSecurityInformationextensionRoleInformation) {
         this. = denyUncoveredHttpMethods;
         this. = defaultPathSecurityInformation;
         this. = exactPathRoleInformation;
         this. = prefixPathRoleInformation;
         this. = extensionRoleInformation;
     }

    

Returns:
true If no security path information has been defined
 
     public boolean isEmpty() {
                 ..isEmpty() &&
                 ..isEmpty() &&
                 .isEmpty() &&
                 .isEmpty() &&
                 .isEmpty();
     }
 
     public SecurityPathMatch getSecurityInfo(final String pathfinal String method) {
         RuntimeMatch currentMatch = new RuntimeMatch();
         handleMatch(methodcurrentMatch);
         PathSecurityInformation match = .get(path);
         if (match != null) {
             handleMatch(methodmatchcurrentMatch);
         }
 
         match = .get(path);
         if (match != null) {
             handleMatch(methodmatchcurrentMatch);
         }
 
         int qsPos = -1;
         boolean extension = false;
         for (int i = path.length() - 1; i >= 0; --i) {
             final char c = path.charAt(i);
             if (c == '?') {
                 //there was a query string, check the exact matches again
                 final String part = path.substring(0, i);
                 match = .get(part);
                 if (match != null) {
                     handleMatch(methodmatchcurrentMatch);
                 }
                 qsPos = i;
                 extension = false;
             } else if (c == '/') {
                 extension = true;
                 final String part = path.substring(0, i);
                 match = .get(part);
                 if (match != null) {
                     handleMatch(methodmatchcurrentMatch);
                 }
             } else if (c == '.') {
                 if (!extension) {
                     extension = true;
                     final String ext;
                     if (qsPos == -1) {
                         ext = path.substring(i + 1, path.length());
                     } else {
                         ext = path.substring(i + 1, qsPos);
                     }
                     match = .get(ext);
                     if (match != null) {
                         handleMatch(methodmatchcurrentMatch);
                     }
                 }
             }
         }
 
        return new SecurityPathMatch(currentMatch.typemergeConstraints(currentMatch));
    }

    
merge all constraints, as per 13.8.1 Combining Constraints

Parameters:
constraintSet
    private SingleConstraintMatch mergeConstraints(final RuntimeMatch currentMatch) {
        if(currentMatch.uncovered && ) {
            return new SingleConstraintMatch(.., Collections.<String>emptySet());
        }
        final Set<StringallowedRoles = new HashSet<String>();
        for(SingleConstraintMatch match : currentMatch.constraints) {
            if(match.getRequiredRoles().isEmpty()) {
                return new SingleConstraintMatch(match.getEmptyRoleSemantic(), Collections.<String>emptySet());
            } else {
                allowedRoles.addAll(match.getRequiredRoles());
            }
        }
        return new SingleConstraintMatch(..allowedRoles);
    }
    private void handleMatch(final String methodfinal PathSecurityInformation exactRuntimeMatch currentMatch) {
        List<SecurityInformationroles = exact.defaultRequiredRoles;
        for (SecurityInformation role : roles) {
            transport(currentMatchrole.transportGuaranteeType);
            currentMatch.constraints.add(new SingleConstraintMatch(role.emptyRoleSemanticrole.roles));
            if(role.emptyRoleSemantic == .. || !role.roles.isEmpty()) {
                currentMatch.uncovered = false;
            }
        }
        List<SecurityInformationmethodInfo = exact.perMethodRequiredRoles.get(method);
        if (methodInfo != null) {
            currentMatch.uncovered = false;
            for (SecurityInformation role : methodInfo) {
                transport(currentMatchrole.transportGuaranteeType);
                currentMatch.constraints.add(new SingleConstraintMatch(role.emptyRoleSemanticrole.roles));
            }
        }
        for (ExcludedMethodRoles excluded : exact.excludedMethodRoles) {
            if (!excluded.methods.contains(method)) {
                currentMatch.uncovered = false;
                transport(currentMatchexcluded.securityInformation.transportGuaranteeType);
                currentMatch.constraints.add(new SingleConstraintMatch(excluded.securityInformation.emptyRoleSemanticexcluded.securityInformation.roles));
            }
        }
    }
    private void transport(RuntimeMatch matchTransportGuaranteeType other) {
        if (other.ordinal() > match.type.ordinal()) {
            match.type = other;
        }
    }
    public static Builder builder(final DeploymentInfo deploymentInfo) {
        return new Builder(deploymentInfo);
    }
    public static class Builder {
        private final DeploymentInfo deploymentInfo;
        private Builder(final DeploymentInfo deploymentInfo) {
            this. = deploymentInfo;
        }
        public void addSecurityConstraint(final SecurityConstraint securityConstraint) {
            final Set<Stringroles = expandRolesAllowed(securityConstraint.getRolesAllowed());
            final SecurityInformation securityInformation = new SecurityInformation(rolessecurityConstraint.getTransportGuaranteeType(), securityConstraint.getEmptyRoleSemantic());
            for (final WebResourceCollection webResources : securityConstraint.getWebResourceCollections()) {
                if (webResources.getUrlPatterns().isEmpty()) {
                    //default that is applied to everything
                    setupPathSecurityInformation(securityInformationwebResources);
                }
                for (String pattern : webResources.getUrlPatterns()) {
                    if (pattern.endsWith("/*") || pattern.endsWith("/")) {
                        String part = pattern.substring(0, pattern.lastIndexOf('/'));
                        PathSecurityInformation info = .get(part);
                        if (info == null) {
                            .put(partinfo = new PathSecurityInformation());
                        }
                        setupPathSecurityInformation(infosecurityInformationwebResources);
                    } else if (pattern.startsWith("*.")) {
                        String part = pattern.substring(2, pattern.length());
                        PathSecurityInformation info = .get(part);
                        if (info == null) {
                            .put(partinfo = new PathSecurityInformation());
                        }
                        setupPathSecurityInformation(infosecurityInformationwebResources);
                    } else {
                        PathSecurityInformation info = .get(pattern);
                        if (info == null) {
                            .put(patterninfo = new PathSecurityInformation());
                        }
                        setupPathSecurityInformation(infosecurityInformationwebResources);
                    }
                }
            }
        }
        private Set<StringexpandRolesAllowed(final Set<StringrolesAllowed) {
            final Set<Stringroles = new HashSet<String>(rolesAllowed);
            if (roles.contains("*")) {
                roles.remove("*");
                roles.addAll(.getSecurityRoles());
            }
            return roles;
        }
        private void setupPathSecurityInformation(final PathSecurityInformation infofinal SecurityInformation securityConstraintfinal WebResourceCollection webResources) {
            if (webResources.getHttpMethods().isEmpty() &&
                    webResources.getHttpMethodOmissions().isEmpty()) {
                info.defaultRequiredRoles.add(securityConstraint);
            } else if (!webResources.getHttpMethods().isEmpty()) {
                for (String method : webResources.getHttpMethods()) {
                    List<SecurityInformationsecurityInformations = info.perMethodRequiredRoles.get(method);
                    if (securityInformations == null) {
                        info.perMethodRequiredRoles.put(methodsecurityInformations = new ArrayList<SecurityInformation>());
                    }
                    securityInformations.add(securityConstraint);
                }
            } else if (!webResources.getHttpMethodOmissions().isEmpty()) {
                info.excludedMethodRoles.add(new ExcludedMethodRoles(webResources.getHttpMethodOmissions(), securityConstraint));
            }
        }
        public SecurityPathMatches build() {
        }
    }
    private static class PathSecurityInformation {
    }
    private static final class ExcludedMethodRoles {
        final Set<Stringmethods;
        public ExcludedMethodRoles(final Set<Stringmethodsfinal SecurityInformation securityInformation) {
            this. = methods;
            this. = securityInformation;
        }
    }
    private static final class SecurityInformation {
        final Set<Stringroles;
        private SecurityInformation(final Set<Stringrolesfinal TransportGuaranteeType transportGuaranteeTypefinal SecurityInfo.EmptyRoleSemantic emptyRoleSemantic) {
            this. = emptyRoleSemantic;
            this. = new HashSet<String>(roles);
            this. = transportGuaranteeType;
        }
    }
    private static final class RuntimeMatch {
        boolean uncovered = true;
    }
New to GrepCode? Check out our FAQ X