/** * URI is a a special case. For URI's, /a implies /a/b. * Therefore the test is "/a/b".startsWith("/a"); */ public static boolean impliesURI(URI privilegeURI, URI requestURI) throws URISyntaxException { if (privilegeURI.getPath() == null || requestURI.getPath() == null) { return false; } // ensure that either both schemes are null or equal if (privilegeURI.getScheme() == null && requestURI.getScheme() != null) { return false; } if (privilegeURI.getScheme() != null && !privilegeURI.getScheme().equals(requestURI.getScheme())) { return false; } // request path does not contain relative parts /a/../b && // request path starts with privilege path && // authorities (nullable) are equal String requestPath = ensureEndsWithSeparator(requestURI.getPath()).replace("//", "/"); String privilegePath = ensureEndsWithSeparator(privilegeURI.getPath()).replace("//", "/"); if (requestURI.getPath().equals(requestURI.normalize().getPath()) && requestPath.startsWith(privilegePath) && Strings.nullToEmpty(privilegeURI.getAuthority()).equals( Strings.nullToEmpty(requestURI.getAuthority()))) { return true; } return false; }