Public Member Functions | |
PermissionManager (WebContainerDeploymentDesc webContainerDeploymentDesc, String contextId) throws PermissionManagerException | |
void | translateServletDeploymentDescriptor () throws PermissionManagerException |
boolean | checkWebUserDataPermission (HttpServletRequest request, String principalName, String[] roles) |
boolean | checkWebResourcePermission (HttpServletRequest request, String principalName, String[] roles) |
boolean | checkWebRoleRefPermission (HttpServletRequest request, String servletName, String principalName, String[] roles, String roleName) |
Protected Member Functions | |
void | translateSecurityConstraintElements () throws PermissionManagerException |
void | translateServletSecurityRoleRef () throws PermissionManagerException |
void | resetDeploymentDesc () |
Definition at line 72 of file PermissionManager.java.
|
Default Constructor
Definition at line 90 of file PermissionManager.java. |
|
Check the security for a given HttpServletReauest
Definition at line 332 of file PermissionManager.java. |
|
Check the security for a given HttpServletReauest
Definition at line 362 of file PermissionManager.java. |
|
Check the security for a given HttpServletReauest
Definition at line 302 of file PermissionManager.java. |
|
Reset Deployment Descriptor Definition at line 434 of file PermissionManager.java. |
|
3.1.3.1 Translating security-constraint elements The paragraphs of this section describe the translation of security-constraints into WebResourcePermission and WebUserDataPermission objects constructed using qualified URL pattern names. In the exceptional case, as defined in Qualified URL Pattern Names, where a pattern is made irrelevant by a qualifying pattern, the permission instantiations that would result from the translation of the pattern, as described below, must not be performed. Otherwise, the translation of URL patterns in security constraints must yield an equivalent translation to the translation that would result from following the instructions in the remainder of this section. [...]
Definition at line 132 of file PermissionManager.java. References org.objectweb.jonas_web.deployment.api.SecurityConstraintListDesc.getExcludedPermissions(), org.objectweb.jonas_web.deployment.api.SecurityConstraintListDesc.getPermissionsByRole(), org.objectweb.jonas_web.deployment.api.WebContainerDeploymentDesc.getSecurityConstraintListDesc(), and org.objectweb.jonas_web.deployment.api.SecurityConstraintListDesc.getUncheckedPermissions(). Referenced by org.objectweb.jonas.web.lib.PermissionManager.translateServletDeploymentDescriptor(). |
Here is the call graph for this function:
|
3.1.3.Translating Servlet Deployment Descriptors A reference to a PolicyConfiguration object must be obtained by calling the getPolicyConfiguration method on the PolicyConfigurationFactory implementation class of the provider configured into the container. The policy context identifier used in the call to the getPolicyConfiguration method must be a String composed as described in Section 3.1.2, Servlet Policy Context Identifiers, on page 19. The value true must be passed as the second parameter in the call to getPolicyConfiguration to ensure that any and all policy statements are removed from the policy context associated with the returned PolicyConfiguration. The security-constraint and securityrole-ref elements in the deployment descriptor must be translated into permissions and added to the PolicyConfiguration object as defined in the following sections.
Definition at line 113 of file PermissionManager.java. References org.objectweb.jonas.web.lib.PermissionManager.translateSecurityConstraintElements(), and org.objectweb.jonas.web.lib.PermissionManager.translateServletSecurityRoleRef(). |
Here is the call graph for this function:
|
3.1.3.2 Translating Servlet security-role-ref Elements For each security-role-ref appearing in the deployment descriptor a corresponding WebRoleRefPermission must be added to the corresponding role. The name of the WebRoleRefPermission must be the servlet-name in whose context the security-role-ref is defined. The actions of the WebRoleRefPermission must be the value of the role-name (that is the reference), appearing in the security-role-ref. The deployment tools must call the addToRole method on the PolicyConfiguration object to add the WebRoleRefPermission object resulting from the translation to the role identified in the role-link appearing in the security-role-ref. Additional WebRoleRefPermission objects must be added to the PolicyConfiguration as follows. For each servlet element in the deployment descriptor a WebRoleRefPermission must be added to each security-role whose name does not appear as the role-name in a security-role-ref within the servlet element. The name of each such WebRoleRefPermission must be the servlet-name of the corresponding servlet element. The actions (that is, reference) of each such WebRoleRefPermission must be the corresponding (non-appearing) role-name. The resulting permissions must be added to the corresponding roles by calling the addToRole method on the PolicyConfiguration object.
For resolution B19 added for maintenance review, WebRoleRefPermission must be added with empty strings for every security role Add permission with empty name B19 resolution Definition at line 182 of file PermissionManager.java. References org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getRoleLink(), org.objectweb.jonas_web.deployment.api.SecurityRoleDesc.getRoleName(), org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getRoleName(), org.objectweb.jonas_web.deployment.api.WebContainerDeploymentDesc.getSecurityRoleList(), org.objectweb.jonas_web.deployment.api.ServletDesc.getSecurityRoleRefList(), org.objectweb.jonas_web.deployment.api.WebContainerDeploymentDesc.getServletDescList(), org.objectweb.jonas_web.deployment.api.ServletDesc.getServletName(), and org.objectweb.jonas_lib.deployment.api.SecurityRoleRefDesc.getWebRoleRefPermission(). Referenced by org.objectweb.jonas.web.lib.PermissionManager.translateServletDeploymentDescriptor(). |
Here is the call graph for this function: