Refine search
public ServletSecurityElement(ServletSecurity servletSecurity) throws IllegalArgumentException { super(servletSecurity.value().value(), servletSecurity.value().transportGuarantee(), servletSecurity.value().rolesAllowed()); Collection<HttpMethodConstraintElement> httpMethodConstraints = new ArrayList<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint: servletSecurity.httpMethodConstraints()) { httpMethodConstraints.add(new HttpMethodConstraintElement(constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } this.httpMethodConstraints = Collections.unmodifiableCollection(httpMethodConstraints); methodNames = toMethodNames(httpMethodConstraints); }
/** * @author Innokenty Shuvalov innokenty@yandex-team.ru */ @WebServlet(urlPatterns = {"/quota"}, asyncSupported = true) @ServletSecurity(value = @HttpConstraint(rolesAllowed = {"user"})) public class QuotaServlet extends SpringHttpServlet { @Autowired private transient ConfigRepository config; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setStatus(SC_OK); resp.setContentType(APPLICATION_JSON_VALUE); try (OutputStream output = resp.getOutputStream()) { String jsonResponse = toJson(config.getBrowsersCountMap(req.getRemoteUser())); IOUtils.write(jsonResponse, output, UTF_8); } } }
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
/** * @author Dmitry Baev charlie@yandex-team.ru */ @WebServlet(urlPatterns = {"/stats"}, asyncSupported = true) @ServletSecurity(value = @HttpConstraint(rolesAllowed = {"user"})) public class StatsServlet extends SpringHttpServlet { @Autowired private transient StatsCounter statsCounter; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setStatus(SC_OK); response.setContentType(APPLICATION_JSON_VALUE); try (OutputStream output = response.getOutputStream()) { IOUtils.write(JsonFormatter.toJson( statsCounter.getStats(request.getRemoteUser()) ), output, UTF_8); } } }
public ServletSecurityElement(ServletSecurity servletSecurity) throws IllegalArgumentException { super(servletSecurity.value().value(), servletSecurity.value().transportGuarantee(), servletSecurity.value().rolesAllowed()); Collection<HttpMethodConstraintElement> httpMethodConstraints = new ArrayList<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint: servletSecurity.httpMethodConstraints()) { httpMethodConstraints.add(new HttpMethodConstraintElement(constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } this.httpMethodConstraints = Collections.unmodifiableCollection(httpMethodConstraints); methodNames = toMethodNames(httpMethodConstraints); }
@DeclareRoles({ "architect", "admin" }) @WebServlet("/servlet") @ServletSecurity(@HttpConstraint(rolesAllowed = "architect")) public class Servlet extends HttpServlet { private static final long serialVersionUID = 1L; @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String webName = null; if (request.getUserPrincipal() != null) { webName = request.getUserPrincipal().getName(); } response.getWriter().write("web username: " + webName + "\n"); response.getWriter().write("web user has role \"architect\": " + request.isUserInRole("architect") + "\n"); } }
public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); HttpMethodConstraint []methodConstraints = annotation.httpMethodConstraints(); for (HttpMethodConstraint methodConstraint : methodConstraints) { String httpMethod = methodConstraint.value(); if (_methodNames.contains(httpMethod)) { throw new IllegalArgumentException("Http method " + httpMethod + " was already used."); } else { _methodNames.add(httpMethod); HttpMethodConstraintElement methodConstraintElement = new HttpMethodConstraintElement(httpMethod, new HttpConstraintElement( methodConstraint.emptyRoleSemantic(), methodConstraint.transportGuarantee(), methodConstraint.rolesAllowed())); _httpMethodConstraints.add(methodConstraintElement); } } }
/** * Protected version of {@link SimpleServlet}. Only {@value #ALLOWED_ROLE} role has access right. * * @author Josef Cacek */ @DeclareRoles({ SimpleSecuredServlet.ALLOWED_ROLE }) @ServletSecurity(@HttpConstraint(rolesAllowed = { SimpleSecuredServlet.ALLOWED_ROLE })) @WebServlet(SimpleSecuredServlet.SERVLET_PATH) public class SimpleSecuredServlet extends SimpleServlet { /** The serialVersionUID */ private static final long serialVersionUID = 1L; public static final String SERVLET_PATH = "/SimpleSecuredServlet"; public static final String ALLOWED_ROLE = "JBossAdmin"; }
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(@HttpConstraint(rolesAllowed = { "*" })) public class RolePrintingServlet extends HttpServlet {
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(@HttpConstraint(rolesAllowed={"user"})) public class SecuredServlet extends HttpServlet {
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(@HttpConstraint(rolesAllowed = { SecuredPrincipalPrintingServlet.ALLOWED_ROLE })) @WebServlet(SecuredPrincipalPrintingServlet.SERVLET_PATH) public class SecuredPrincipalPrintingServlet extends HttpServlet {
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(@HttpConstraint(rolesAllowed={"user"})) public class SecuredServlet extends HttpServlet {
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"user"})) public class RouteServlet extends SpringHttpServlet {
/** * Constructs an instance from a {@link ServletSecurity} annotation value. * * @param annotation the annotation value * * @throws IllegalArgumentException if duplicate method names are * detected */ public ServletSecurityElement(ServletSecurity annotation) { super(annotation.value().value(), annotation.value().transportGuarantee(), annotation.value().rolesAllowed()); this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); for (HttpMethodConstraint constraint : annotation.httpMethodConstraints()) { this.methodConstraints.add( new HttpMethodConstraintElement( constraint.value(), new HttpConstraintElement(constraint.emptyRoleSemantic(), constraint.transportGuarantee(), constraint.rolesAllowed()))); } methodNames = checkMethodNames(this.methodConstraints); }
@ServletSecurity(@HttpConstraint(rolesAllowed = "foo")) public class TestServlet extends HttpServlet {