-
Notifications
You must be signed in to change notification settings - Fork 78
/
ServletSecurityElement.java
150 lines (138 loc) · 6.11 KB
/
ServletSecurityElement.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/*
* Copyright (c) 2017, 2023 Oracle and/or its affiliates and others.
* All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package jakarta.servlet;
import jakarta.servlet.annotation.HttpMethodConstraint;
import jakarta.servlet.annotation.ServletSecurity;
import java.util.*;
/**
* Java Class representation of a {@link ServletSecurity} annotation value.
*
* @since Servlet 3.0
*/
public class ServletSecurityElement extends HttpConstraintElement {
private Collection<String> methodNames;
private Collection<HttpMethodConstraintElement> methodConstraints;
/**
* Constructs an instance using the default <code>HttpConstraintElement</code> value as the default Constraint element
* and with no HTTP Method specific constraint elements.
*/
public ServletSecurityElement() {
methodConstraints = new HashSet<>();
methodNames = Collections.emptySet();
}
/**
* Constructs an instance with a default Constraint element and with no HTTP Method specific constraint elements.
*
* @param constraint the HttpConstraintElement to be applied to all HTTP methods other than those represented in the
* <tt>methodConstraints</tt>
*/
public ServletSecurityElement(HttpConstraintElement constraint) {
super(constraint.getEmptyRoleSemantic(), constraint.getTransportGuarantee(), constraint.getRolesAllowed());
methodConstraints = new HashSet<>();
methodNames = Collections.emptySet();
}
/**
* Constructs an instance using the default <code>HttpConstraintElement</code> value as the default Constraint element
* and with a collection of HTTP Method specific constraint elements.
*
* @param methodConstraints the collection of HTTP method specific constraint elements
*
* @throws IllegalArgumentException if duplicate method names are detected
*/
public ServletSecurityElement(Collection<HttpMethodConstraintElement> methodConstraints) {
this.methodConstraints = (methodConstraints == null ? new HashSet<>() : methodConstraints);
methodNames = checkMethodNames(this.methodConstraints);
}
/**
* Constructs an instance with a default Constraint element and with a collection of HTTP Method specific constraint
* elements.
*
* @param constraint the HttpConstraintElement to be applied to all HTTP methods other than those represented in the
* <tt>methodConstraints</tt>
* @param methodConstraints the collection of HTTP method specific constraint elements.
*
* @throws IllegalArgumentException if duplicate method names are detected
*/
public ServletSecurityElement(HttpConstraintElement constraint,
Collection<HttpMethodConstraintElement> methodConstraints) {
super(constraint.getEmptyRoleSemantic(), constraint.getTransportGuarantee(), constraint.getRolesAllowed());
this.methodConstraints = (methodConstraints == null ? new HashSet<>() : methodConstraints);
methodNames = checkMethodNames(this.methodConstraints);
}
/**
* Constructs an instance from a {@link ServletSecurity} annotation value.
*
* @param annotation the annotation value
*
* @throws IllegalArgumentException if duplicate method names are detected
*/
public ServletSecurityElement(ServletSecurity annotation) {
super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed());
this.methodConstraints = new HashSet<>();
for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) {
this.methodConstraints.add(new HttpMethodConstraintElement(constraint.value(), new HttpConstraintElement(
constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed())));
}
methodNames = checkMethodNames(this.methodConstraints);
}
/**
* Gets the (possibly empty) collection of HTTP Method specific constraint elements.
*
* <p>
* If permitted, any changes to the returned <code>Collection</code> must not affect this
* <code>ServletSecurityElement</code>.
*
*
* @return the (possibly empty) collection of HttpMethodConstraintElement objects
*/
public Collection<HttpMethodConstraintElement> getHttpMethodConstraints() {
return Collections.unmodifiableCollection(methodConstraints);
}
/**
* Gets the set of HTTP method names named by the HttpMethodConstraints.
*
* <p>
* If permitted, any changes to the returned <code>Collection</code> must not affect this
* <code>ServletSecurityElement</code>.
*
*
*
* @return the collection String method names
*/
public Collection<String> getMethodNames() {
return Collections.unmodifiableCollection(methodNames);
}
/**
* Checks for duplicate method names in methodConstraints.
*
* @param methodConstraints
*
* @return Set of method names
*
* @throws IllegalArgumentException if duplicate method names are detected
*/
private Collection<String> checkMethodNames(Collection<HttpMethodConstraintElement> methodConstraints) {
Collection<String> methodNames = new HashSet<>();
for (HttpMethodConstraintElement methodConstraint : methodConstraints) {
String methodName = methodConstraint.getMethodName();
if (!methodNames.add(methodName)) {
throw new IllegalArgumentException("Duplicate HTTP method name: " + methodName);
}
}
return methodNames;
}
}