[jbossweb-commits] JBossWeb SVN: r1208 - in trunk/java: org/apache/catalina and 3 other directories.

Author: remy.maucherat(a)jboss.com Date: 2009-10-18 20:54:10 -0400 (Sun, 18 Oct 2009) New Revision: 1208 Modified: trunk/java/javax/servlet/AsyncContext.java trunk/java/javax/servlet/FilterRegistration.java trunk/java/javax/servlet/ServletRegistration.java trunk/java/org/apache/catalina/Context.java trunk/java/org/apache/catalina/Wrapper.java trunk/java/org/apache/catalina/connector/LocalStrings.properties trunk/java/org/apache/catalina/connector/Request.java trunk/java/org/apache/catalina/core/ApplicationContext.java trunk/java/org/apache/catalina/core/ApplicationFilterConfig.java trunk/java/org/apache/catalina/core/LocalStrings.properties trunk/java/org/apache/catalina/core/StandardContext.java trunk/java/org/apache/catalina/core/StandardWrapper.java trunk/java/org/apache/catalina/core/StandardWrapperFacade.java trunk/java/org/apache/catalina/startup/ContextConfig.java Log: - Spec update. - Implement some error conditions of ServletContext. Modified: trunk/java/javax/servlet/AsyncContext.java =================================================================== --- trunk/java/javax/servlet/AsyncContext.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/javax/servlet/AsyncContext.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -410,6 +410,29 @@ /** + * Instantiates the given {@link AsyncListener} class. + * + * <p>The returned AsyncListener instance may be further customized + * before it is registered with this AsyncContext via a call to one of + * the <code>addListener</code> methods. + * + * <p>The given AsyncListener class must define a zero argument + * constructor, which is used to instantiate it. + * + * <p>This method supports any annotations applicable to AsyncListener. + * + * @param clazz the AsyncListener class to instantiate + * + * @return the new AsyncListener instance + * + * @throws ServletException if the given <tt>clazz</tt> fails to be + * instantiated + */ + public <T extends AsyncListener> T createListener(Class<T> clazz) + throws ServletException; + + + /** * Sets the timeout (in milliseconds) for this AsyncContext. * * <p>The timeout applies to this AsyncContext once the Modified: trunk/java/javax/servlet/FilterRegistration.java =================================================================== --- trunk/java/javax/servlet/FilterRegistration.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/javax/servlet/FilterRegistration.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -57,6 +57,9 @@ * <i>declared</i> filter mappings of the ServletContext from which this * FilterRegistration was obtained. * + * <p>If this method is called multiple times, each successive call + * adds to the effects of the former. + * * @param dispatcherTypes the dispatcher types of the filter mapping, * or null if the default <tt>DispatcherType.REQUEST</tt> is to be used * @param isMatchAfter true if the given filter mapping should be matched @@ -99,6 +102,9 @@ * <i>declared</i> filter mappings of the ServletContext from which * this FilterRegistration was obtained. * + * <p>If this method is called multiple times, each successive call + * adds to the effects of the former. + * * @param dispatcherTypes the dispatcher types of the filter mapping, * or null if the default <tt>DispatcherType.REQUEST</tt> is to be used * @param isMatchAfter true if the given filter mapping should be matched Modified: trunk/java/javax/servlet/ServletRegistration.java =================================================================== --- trunk/java/javax/servlet/ServletRegistration.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/javax/servlet/ServletRegistration.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -52,6 +52,9 @@ * <p>If any of the specified URL patterns are already mapped to a * different Servlet, no updates will be performed. * + * <p>If this method is called multiple times, each successive call + * adds to the effects of the former. + * * @param urlPatterns the URL patterns of the servlet mapping * * @return the (possibly empty) Set of URL patterns that are already @@ -122,20 +125,48 @@ /** * Sets the {@link ServletSecurityElement} to be applied to the - * mappings defined for this <code>ServletRegistration</code>. If this - * method is called multiple times, each successive call overrides the - * effects of the former. + * mappings currently assigned to this + * <code>ServletRegistration</code>. * + * <p>Any mappings added to this ServletRegistration after a call + * to this method may be secured by a subsequent call to this method. + * + * <p>If a url-pattern of this ServletRegistration is an exact + * target of a <code>security-constraint</code> that was established + * via the portable deployment descriptor, then this method does not + * change the <code>security-constraint</code> for that pattern, and + * the pattern will be included in the return value. + * + * <p>If a url-pattern of this ServletRegistration is an exact target + * of a security constraint that was established via the + * {@link javax.servlet.annotation.ServletSecurity} annotation or a + * previous call to this method, then this method replaces the + * security constraint for that pattern. + * + * <p>If a url-pattern of this ServletRegistration is neither the + * exact target of a security constraint that was established via the + * {@link javax.servlet.annotation.ServletSecurity} annotation or + * a previous call to this method, nor the exact target of a + * </code>security-constraint</code> in the portable deployment + * descriptor, then this method establishes the security + * constraint for that pattern from the argument + * ServletSecurityElement. + * * @param constraint the {@link ServletSecurityElement} to be applied - * to the patterns mapped to the registration - * + * to the patterns currently mapped to this ServletRegistration + * + * @return the (possibly empty) Set of URL patterns that were already + * the exact target of a <code>security-constraint</code> that was + * established via the portable deployment descriptor. This method + * has no effect on the patterns included in the returned set. + * * @throws IllegalArgumentException if <tt>constraint</tt> is null - * + * * @throws IllegalStateException if the {@link ServletContext} from - * which this ServletRegistration was obtained has already been - * initialized + * which this ServletRegistration was obtained has already been + * initialized */ - public void setServletSecurity(ServletSecurityElement constraint); + public Set<String> setServletSecurity(ServletSecurityElement constraint); /** * Sets the {@link MultipartConfigElement} to be applied to the Modified: trunk/java/org/apache/catalina/Context.java =================================================================== --- trunk/java/org/apache/catalina/Context.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/Context.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -35,6 +35,7 @@ import org.apache.catalina.deploy.WebAbsoluteOrdering; import org.apache.catalina.deploy.jsp.TagLibraryInfo; import org.apache.catalina.util.CharsetMapper; +import org.apache.tomcat.InstanceManager; import org.apache.tomcat.util.http.mapper.Mapper; @@ -351,6 +352,20 @@ /** + * Used to create application instances. + */ + public InstanceManager getInstanceManager(); + + + /** + * Set the instance manager associated with this Context. + * + * @param instanceManager The instance manager + */ + public void setInstanceManager(InstanceManager instanceManager); + + + /** * Return the logical name for this web application. */ public String getLogicalName(); Modified: trunk/java/org/apache/catalina/Wrapper.java =================================================================== --- trunk/java/org/apache/catalina/Wrapper.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/Wrapper.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -19,6 +19,8 @@ package org.apache.catalina; +import java.util.Set; + import javax.servlet.Servlet; import javax.servlet.ServletException; import javax.servlet.ServletRegistration; @@ -432,8 +434,23 @@ /** + * Set an associated ServletSecurity on mappings which are currently associated + * with the Servlet. This will not set security on patters which are currently + * defined in a security constraint. + * + * @return the set of patterns for which the servlet security will not be defined + */ + public Set<String> setServletSecurityOnCurrentMappings(ServletSecurityElement servletSecurity); + + + /** * Get an associated ServletSecurity, if any. */ public ServletSecurityElement getServletSecurity(); + /** + * Get an associated ServletSecurity patterns, if any. + */ + public Set<String> getServletSecurityPatterns(); + } Modified: trunk/java/org/apache/catalina/connector/LocalStrings.properties =================================================================== --- trunk/java/org/apache/catalina/connector/LocalStrings.properties 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/connector/LocalStrings.properties 2009-10-19 00:54:10 UTC (rev 1208) @@ -60,6 +60,7 @@ coyoteRequest.cannotStartAsync=Cannot start async coyoteRequest.onStartAsyncError=Error invoking onStartAsync on listener of class {0} coyoteRequest.dispatchNoServletContext=Could not determine or access context for server absolute path [{0}] +coyoteRequest.createListener=Failed to instantiate class {0} # # MapperListener Modified: trunk/java/org/apache/catalina/connector/Request.java =================================================================== --- trunk/java/org/apache/catalina/connector/Request.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/connector/Request.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -56,6 +56,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; +import java.util.EventListener; import java.util.HashMap; import java.util.Iterator; import java.util.LinkedHashMap; @@ -3326,6 +3327,17 @@ setTimeout0(realTimeout); } + public <T extends AsyncListener> T createListener(Class<T> clazz) + throws ServletException { + T listenerInstance = null; + try { + listenerInstance = (T) context.getInstanceManager().newInstance(clazz); + } catch (Exception e) { + throw new ServletException(sm.getString("coyoteRequest.createListener", clazz.getName()), e); + } + return listenerInstance; + } + } Modified: trunk/java/org/apache/catalina/core/ApplicationContext.java =================================================================== --- trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -72,13 +72,18 @@ import javax.servlet.ServletContext; import javax.servlet.ServletContextAttributeEvent; import javax.servlet.ServletContextAttributeListener; +import javax.servlet.ServletContextListener; import javax.servlet.ServletException; import javax.servlet.ServletRegistration; +import javax.servlet.ServletRequestAttributeListener; +import javax.servlet.ServletRequestListener; import javax.servlet.SessionCookieConfig; import javax.servlet.SessionTrackingMode; import javax.servlet.descriptor.JspConfigDescriptor; import javax.servlet.descriptor.JspPropertyGroupDescriptor; import javax.servlet.descriptor.TaglibDescriptor; +import javax.servlet.http.HttpSessionAttributeListener; +import javax.servlet.http.HttpSessionListener; import org.apache.catalina.Container; import org.apache.catalina.Context; @@ -870,6 +875,9 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + if (context.findFilterDef(filterName) != null) { + return null; + } FilterDef filterDef = new FilterDef(); filterDef.setFilterName(filterName); filterDef.setFilterClass(className); @@ -889,6 +897,10 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + if (context.findFilterDef(filterName) != null) { + return null; + } + // FIXME: Filter instance unicity nonsense FilterDef filterDef = new FilterDef(); filterDef.setFilterName(filterName); filterDef.setFilterClass(filter.getClass().getName()); @@ -903,9 +915,6 @@ public FilterRegistration.Dynamic addFilter(String filterName, Class<? extends Filter> filterClass) { - if (restricted) { - throw new UnsupportedOperationException(sm.getString("applicationContext.restricted")); - } return addFilter(filterName, filterClass.getName()); } @@ -919,6 +928,9 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + if (context.findChild(servletName) != null) { + return null; + } Wrapper wrapper = context.createWrapper(); wrapper.setDynamic(true); wrapper.setName(servletName); @@ -931,9 +943,6 @@ public ServletRegistration.Dynamic addServlet(String servletName, Class<? extends Servlet> clazz) throws IllegalArgumentException, IllegalStateException { - if (restricted) { - throw new UnsupportedOperationException(sm.getString("applicationContext.restricted")); - } return addServlet(servletName, clazz.getName()); } @@ -946,6 +955,10 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + if (context.findChild(servletName) != null) { + return null; + } + // FIXME: Servlet instance unicity nonsense Wrapper wrapper = context.createWrapper(); wrapper.setDynamic(true); wrapper.setName(servletName); @@ -1047,8 +1060,7 @@ try { return (T) context.getInstanceManager().newInstance(c); } catch (Throwable e) { - throw new ServletException - (sm.getString("applicationContext.create"), e); + throw new ServletException(sm.getString("applicationContext.create"), e); } } @@ -1061,8 +1073,7 @@ try { return (T) context.getInstanceManager().newInstance(c); } catch (Throwable e) { - throw new ServletException - (sm.getString("applicationContext.create"), e); + throw new ServletException(sm.getString("applicationContext.create"), e); } } @@ -1081,13 +1092,6 @@ } - /** - * @throws IllegalStateException if the context has already been initialised - * @throws IllegalArgumentException TODO SERVLET3 Something to do with SSL - * but the spec language is not clear - * If an unsupported tracking mode is - * requested - */ public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) { if (restricted) { throw new UnsupportedOperationException(sm.getString("applicationContext.restricted")); @@ -1118,7 +1122,20 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } - context.addApplicationListener(className); + EventListener listenerInstance = null; + try { + Class<?> clazz = context.getLoader().getClassLoader().loadClass(className); + listenerInstance = (EventListener) context.getInstanceManager().newInstance(clazz); + } catch (Throwable t) { + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + className, getContextPath()), t); + } + checkListenerType(listenerInstance); + if (context.getApplicationLifecycleListeners() != null && listenerInstance instanceof ServletContextListener) { + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + className, getContextPath())); + } + context.addApplicationListenerInstance(listenerInstance); } @@ -1130,6 +1147,11 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + checkListenerType(listener); + if (context.getApplicationLifecycleListeners() != null && listener instanceof ServletContextListener) { + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + listener.getClass().getName(), getContextPath())); + } context.addApplicationListenerInstance(listener); } @@ -1142,14 +1164,19 @@ throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", getContextPath())); } + EventListener listenerInstance = null; try { - EventListener listenerInstance = - (EventListener) context.getInstanceManager().newInstance(listenerClass); - context.addApplicationListenerInstance(listenerInstance); + listenerInstance = (EventListener) context.getInstanceManager().newInstance(listenerClass); } catch (Exception e) { - // FIXME: better error - throw new IllegalStateException(e); + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + listenerClass.getName(), getContextPath()), e); } + checkListenerType(listenerInstance); + if (context.getApplicationLifecycleListeners() != null && listenerInstance instanceof ServletContextListener) { + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + listenerClass.getName(), getContextPath())); + } + context.addApplicationListenerInstance(listenerInstance); } @@ -1165,10 +1192,10 @@ T listenerInstance = null; try { listenerInstance = (T) context.getInstanceManager().newInstance(clazz); - } catch (Exception e) { - // FIXME: better error - throw new ServletException(e); + } catch (Throwable t) { + throw new ServletException(sm.getString("applicationContext.create"), t); } + checkListenerType(listenerInstance); return listenerInstance; } @@ -1236,6 +1263,19 @@ } // -------------------------------------------------------- Package Methods + + protected void checkListenerType(EventListener listener) { + if (!(listener instanceof ServletContextListener) + && !(listener instanceof ServletContextAttributeListener) + && !(listener instanceof ServletRequestListener) + && !(listener instanceof ServletRequestAttributeListener) + && !(listener instanceof HttpSessionListener) + && !(listener instanceof HttpSessionAttributeListener)) { + throw new IllegalArgumentException(sm.getString("applicationContext.badListenerClass", + listener.getClass().getName(), getContextPath())); + } + } + protected StandardContext getContext() { return this.context; } Modified: trunk/java/org/apache/catalina/core/ApplicationFilterConfig.java =================================================================== --- trunk/java/org/apache/catalina/core/ApplicationFilterConfig.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/ApplicationFilterConfig.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -155,12 +155,7 @@ */ private FilterDef filterDef = null; - /** - * the InstanceManager used to create and destroy filter instances. - */ - private transient InstanceManager instanceManager; - /** * JMX registration name */ @@ -446,7 +441,7 @@ // Identify the class loader we will be using if (filterInstance == null) { String filterClass = filterDef.getFilterClass(); - this.filter = (Filter) getInstanceManager().newInstance(filterClass); + this.filter = (Filter) context.getInstanceManager().newInstance(filterClass); } else { this.filter = filterInstance; filterInstance = null; @@ -528,20 +523,6 @@ // -------------------------------------------------------- Private Methods - private InstanceManager getInstanceManager() { - if (instanceManager == null) { - if (context instanceof StandardContext) { - instanceManager = ((StandardContext)context).getInstanceManager(); - } else { - instanceManager = new DefaultInstanceManager(null, - new HashMap<String, Map<String, String>>(), - context, - getClass().getClassLoader()); - } - } - return instanceManager; - } - private void registerJMX() { String parentName = context.getName(); parentName = ("".equals(parentName)) ? "/" : parentName; Modified: trunk/java/org/apache/catalina/core/LocalStrings.properties =================================================================== --- trunk/java/org/apache/catalina/core/LocalStrings.properties 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/LocalStrings.properties 2009-10-19 00:54:10 UTC (rev 1208) @@ -24,6 +24,7 @@ applicationContext.setAttribute.namenull=Name cannot be null applicationContext.setSessionTracking.ise=The session tracking modes for context {0} cannot be set whilst the context is running applicationContext.setSessionTracking.iae=The session tracking mode {0} requested for context {1} is not supported by that context +applicationContext.badListenerClass=Bad listener class {0} for context {1} applicationDispatcher.allocateException=Allocate exception for servlet {0} applicationDispatcher.deallocateException=Deallocate exception for servlet {0} applicationDispatcher.forward.ise=Cannot forward after response has been committed Modified: trunk/java/org/apache/catalina/core/StandardContext.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardContext.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/StandardContext.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -4362,6 +4362,8 @@ lifecycle.fireLifecycleEvent(AFTER_START_EVENT, null); } + // FIXME: listener start order is wrong: context listeners should be started there, + // but all others should be after complete config // Configure and call application event listeners if (ok) { if (!listenerStart()) { Modified: trunk/java/org/apache/catalina/core/StandardWrapper.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardWrapper.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/StandardWrapper.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -24,6 +24,7 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; +import java.util.Set; import java.util.Stack; import javax.management.ListenerNotFoundException; @@ -54,6 +55,8 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.Wrapper; import org.apache.catalina.deploy.Multipart; +import org.apache.catalina.deploy.SecurityCollection; +import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.security.SecurityUtil; import org.apache.catalina.util.Enumerator; import org.apache.catalina.util.InstanceSupport; @@ -226,6 +229,12 @@ */ protected ServletSecurityElement servletSecurity = null; + + /** + * Associated servlet security patterns. + */ + protected Set<String> servletSecurityPatterns = null; + /** * The notification sequence number. @@ -652,6 +661,47 @@ this.servletSecurity = servletSecurity; support.firePropertyChange("servletSecurity", oldServletSecurity, this.servletSecurity); } + + + /** + * Set an associated ServletSecurity on mappings which are currently associated + * with the Servlet. This will not set security on patters which are currently + * defined in a security constraint. + * + * @return the set of patterns for which the servlet security will not be defined + */ + public Set<String> setServletSecurityOnCurrentMappings(ServletSecurityElement servletSecurity) { + ServletSecurityElement oldServletSecurity = this.servletSecurity; + this.servletSecurity = servletSecurity; + support.firePropertyChange("servletSecurity", oldServletSecurity, this.servletSecurity); + // Now find to which mappings this servlet security will apply, and return the list + // for which is will not apply + Set<String> ignoredPatterns = new HashSet<String>(); + servletSecurityPatterns = new HashSet<String>(); + for (String mapping : findMappings()) { + servletSecurityPatterns.add(mapping); + } + SecurityConstraint[] constraints = ((Context) getParent()).findConstraints(); + for (SecurityConstraint constraint : constraints) { + for (SecurityCollection collection : constraint.findCollections()) { + for (String pattern : collection.findPatterns()) { + if (servletSecurityPatterns.contains(pattern)) { + servletSecurityPatterns.remove(pattern); + ignoredPatterns.add(pattern); + } + } + } + } + return ignoredPatterns; + } + + + /** + * Get an associated ServletSecurity patterns, if any. + */ + public Set<String> getServletSecurityPatterns() { + return servletSecurityPatterns; + } /** @@ -1170,7 +1220,7 @@ } if (servletInstance == null) { - InstanceManager instanceManager = ((StandardContext)getParent()).getInstanceManager(); + InstanceManager instanceManager = ((Context) getParent()).getInstanceManager(); try { servlet = (Servlet) instanceManager.newInstance(actualClass); } catch (ClassCastException e) { @@ -1428,7 +1478,7 @@ // Annotation processing if (!((Context) getParent()).getIgnoreAnnotations()) { - ((StandardContext)getParent()).getInstanceManager().destroyInstance(instance); + ((Context) getParent()).getInstanceManager().destroyInstance(instance); } } catch (Throwable t) { @@ -1471,7 +1521,7 @@ } // Annotation processing if (!((Context) getParent()).getIgnoreAnnotations()) { - ((StandardContext)getParent()).getInstanceManager().destroyInstance(s); + ((Context) getParent()).getInstanceManager().destroyInstance(s); } } } catch (Throwable t) { Modified: trunk/java/org/apache/catalina/core/StandardWrapperFacade.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardWrapperFacade.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/core/StandardWrapperFacade.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -283,7 +283,7 @@ wrapper.setRunAs(roleName); } - public void setServletSecurity(ServletSecurityElement servletSecurity) { + public Set<String> setServletSecurity(ServletSecurityElement servletSecurity) { if (!((Context) wrapper.getParent()).isStarting()) { throw new IllegalStateException(sm.getString ("servletRegistration.ise", ((Context) wrapper.getParent()).getPath())); @@ -291,7 +291,7 @@ if (servletSecurity == null) { throw new IllegalArgumentException(sm.getString("servletRegistration.iae")); } - wrapper.setServletSecurity(servletSecurity); + return wrapper.setServletSecurityOnCurrentMappings(servletSecurity); } public void setMultipartConfig(MultipartConfigElement multipartConfig) { Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java =================================================================== --- trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-10-18 16:47:36 UTC (rev 1207) +++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-10-19 00:54:10 UTC (rev 1208) @@ -2134,9 +2134,29 @@ } SecurityCollection collection = new SecurityCollection(); collection.addMethod(httpMethodConstraint.getMethodName()); - String[] urlPatterns = wrapper.findMappings(); - for (String urlPattern : urlPatterns) { - collection.addPattern(urlPattern); + if (wrapper.getServletSecurityPatterns() != null) { + for (String urlPattern : wrapper.getServletSecurityPatterns()) { + collection.addPattern(urlPattern); + } + } else { + String[] urlPatterns = wrapper.findMappings(); + Set<String> servletSecurityPatterns = new HashSet<String>(); + for (String urlPattern : urlPatterns) { + servletSecurityPatterns.add(urlPattern); + } + SecurityConstraint[] constraints = context.findConstraints(); + for (SecurityConstraint constraint2 : constraints) { + for (SecurityCollection collection2 : constraint2.findCollections()) { + for (String urlPattern : collection2.findPatterns()) { + if (servletSecurityPatterns.contains(urlPattern)) { + servletSecurityPatterns.remove(urlPattern); + } + } + } + } + for (String urlPattern : servletSecurityPatterns) { + collection.addPattern(urlPattern); + } } constraint.addCollection(collection); context.addConstraint(constraint); @@ -2165,9 +2185,29 @@ constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT); } SecurityCollection collection = new SecurityCollection(); - String[] urlPatterns = wrapper.findMappings(); - for (String urlPattern : urlPatterns) { - collection.addPattern(urlPattern); + if (wrapper.getServletSecurityPatterns() != null) { + for (String urlPattern : wrapper.getServletSecurityPatterns()) { + collection.addPattern(urlPattern); + } + } else { + String[] urlPatterns = wrapper.findMappings(); + Set<String> servletSecurityPatterns = new HashSet<String>(); + for (String urlPattern : urlPatterns) { + servletSecurityPatterns.add(urlPattern); + } + SecurityConstraint[] constraints = context.findConstraints(); + for (SecurityConstraint constraint2 : constraints) { + for (SecurityCollection collection2 : constraint2.findCollections()) { + for (String urlPattern : collection2.findPatterns()) { + if (servletSecurityPatterns.contains(urlPattern)) { + servletSecurityPatterns.remove(urlPattern); + } + } + } + } + for (String urlPattern : servletSecurityPatterns) { + collection.addPattern(urlPattern); + } } for (String methodOmission : methodOmissions) { collection.addMethodOmission(methodOmission);