@Override public Set<String> setServletSecurity(ServletSecurityElement constraint) { this.servletSecurityElement = constraint; Set<String> conflictUrls = new HashSet<String>(wcd.getUrlPatternsSet()); conflictUrls.removeAll(ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd)); conflictUrls.addAll(super.setServletSecurity(constraint)); return conflictUrls; }
void processServletSecurityElement(ServletSecurityElement servletSecurityElement, WebBundleDescriptor wbd, WebComponentDescriptor wcd) { Set<String> urlPatterns = ServletSecurityHandler.getUrlPatternsWithoutSecurityConstraint(wcd); if (urlPatterns.size() > 0) { SecurityConstraint securityConstraint = ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, servletSecurityElement.getRolesAllowed(), servletSecurityElement.getEmptyRoleSemantic(), servletSecurityElement.getTransportGuarantee(), null); //we know there is one WebResourceCollection there WebResourceCollection webResColl = securityConstraint.getWebResourceCollections().iterator().next(); for (HttpMethodConstraintElement httpMethodConstraintElement : servletSecurityElement.getHttpMethodConstraints()) { String httpMethod = httpMethodConstraintElement.getMethodName(); ServletSecurityHandler.createSecurityConstraint(wbd, urlPatterns, httpMethodConstraintElement.getRolesAllowed(), httpMethodConstraintElement.getEmptyRoleSemantic(), httpMethodConstraintElement.getTransportGuarantee(), httpMethod); //exclude this from the top level constraint webResColl.addHttpMethodOmission(httpMethod); } } }
Set<String> urlPatterns = getUrlPatternsWithoutSecurityConstraint(webCompDesc);