org.mortbay.http
Class SecurityConstraint

java.lang.Object
  extended by org.mortbay.http.SecurityConstraint
All Implemented Interfaces:
java.io.Serializable, java.lang.Cloneable

public class SecurityConstraint
extends java.lang.Object
implements java.lang.Cloneable, java.io.Serializable

Describe an auth and/or data constraint.

Version:
$Revision: 1.44 $
Author:
Greg Wilkins (gregw)
See Also:
Serialized Form

Nested Class Summary
static class SecurityConstraint.Nobody
          Nobody user.
 
Field Summary
static java.lang.String __BASIC_AUTH
           
static java.lang.String __CERT_AUTH
           
static java.lang.String __CERT_AUTH2
           
static java.lang.String __DIGEST_AUTH
           
static java.lang.String __FORM_AUTH
           
static SecurityConstraint.Nobody __NOBODY
           
static java.lang.String ANY_ROLE
           
static int DC_CONFIDENTIAL
           
static int DC_INTEGRAL
           
static int DC_NONE
           
static int DC_UNSET
           
static java.lang.String NONE
           
 
Constructor Summary
SecurityConstraint()
          Constructor.
SecurityConstraint(java.lang.String name, java.lang.String role)
          Conveniance Constructor.
 
Method Summary
 void addMethod(java.lang.String method)
           
 void addRole(java.lang.String role)
           
static boolean check(java.util.List constraints, Authenticator authenticator, UserRealm realm, java.lang.String pathInContext, HttpRequest request, HttpResponse response)
          Check security contraints
 java.lang.Object clone()
           
 boolean forMethod(java.lang.String method)
           
 boolean getAuthenticate()
           
 int getDataConstraint()
           
 java.util.List getMethods()
           
 java.util.List getRoles()
           
 boolean hasDataConstraint()
           
 boolean hasRole(java.lang.String role)
           
 boolean isAnyRole()
           
 boolean isForbidden()
           
 void setAuthenticate(boolean authenticate)
           
 void setDataConstraint(int c)
           
 void setName(java.lang.String name)
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

__BASIC_AUTH

public static final java.lang.String __BASIC_AUTH
See Also:
Constant Field Values

__FORM_AUTH

public static final java.lang.String __FORM_AUTH
See Also:
Constant Field Values

__DIGEST_AUTH

public static final java.lang.String __DIGEST_AUTH
See Also:
Constant Field Values

__CERT_AUTH

public static final java.lang.String __CERT_AUTH
See Also:
Constant Field Values

__CERT_AUTH2

public static final java.lang.String __CERT_AUTH2
See Also:
Constant Field Values

DC_UNSET

public static final int DC_UNSET
See Also:
Constant Field Values

DC_NONE

public static final int DC_NONE
See Also:
Constant Field Values

DC_INTEGRAL

public static final int DC_INTEGRAL
See Also:
Constant Field Values

DC_CONFIDENTIAL

public static final int DC_CONFIDENTIAL
See Also:
Constant Field Values

NONE

public static final java.lang.String NONE
See Also:
Constant Field Values

ANY_ROLE

public static final java.lang.String ANY_ROLE
See Also:
Constant Field Values

__NOBODY

public static final SecurityConstraint.Nobody __NOBODY
Constructor Detail

SecurityConstraint

public SecurityConstraint()
Constructor.


SecurityConstraint

public SecurityConstraint(java.lang.String name,
                          java.lang.String role)
Conveniance Constructor.

Parameters:
name -
role -
Method Detail

setName

public void setName(java.lang.String name)
Parameters:
name -

addMethod

public void addMethod(java.lang.String method)
Parameters:
method -

getMethods

public java.util.List getMethods()

forMethod

public boolean forMethod(java.lang.String method)
Parameters:
method - Method name.
Returns:
True if this constraint applies to the method. If no method has been set, then the constraint applies to all methods.

addRole

public void addRole(java.lang.String role)
Parameters:
role - The rolename. If the rolename is '*' all other roles are removed and anyRole is set true and subsequent addRole calls are ignored. Authenticate is forced true by this call.

isAnyRole

public boolean isAnyRole()
Returns:
True if any user role is permitted.

getRoles

public java.util.List getRoles()
Returns:
List of roles for this constraint.

hasRole

public boolean hasRole(java.lang.String role)
Parameters:
role -
Returns:
True if the constraint contains the role.

setAuthenticate

public void setAuthenticate(boolean authenticate)
Parameters:
authenticate - True if users must be authenticated

getAuthenticate

public boolean getAuthenticate()
Returns:
True if the constraint requires request authentication

isForbidden

public boolean isForbidden()
Returns:
True if authentication required but no roles set

setDataConstraint

public void setDataConstraint(int c)
Parameters:
c -

getDataConstraint

public int getDataConstraint()
Returns:
Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL & 2=DC_CONFIDENTIAL

hasDataConstraint

public boolean hasDataConstraint()
Returns:
True if a data constraint has been set.

clone

public java.lang.Object clone()
                       throws java.lang.CloneNotSupportedException
Overrides:
clone in class java.lang.Object
Throws:
java.lang.CloneNotSupportedException

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

check

public static boolean check(java.util.List constraints,
                            Authenticator authenticator,
                            UserRealm realm,
                            java.lang.String pathInContext,
                            HttpRequest request,
                            HttpResponse response)
                     throws HttpException,
                            java.io.IOException
Check security contraints

Parameters:
constraints -
authenticator -
realm -
pathInContext -
request -
response -
Returns:
false if the request has failed a security constraint or the authenticator has already sent a response.
Throws:
HttpException
java.io.IOException


Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.