Author: remy.maucherat(a)jboss.com Date: 2009-10-09 10:32:58 -0400 (Fri, 09 Oct 2009) New Revision: 1186 Added: trunk/java/javax/servlet/HttpConstraintElement.java trunk/java/javax/servlet/HttpMethodConstraintElement.java trunk/java/javax/servlet/MultipartConfigElement.java trunk/java/javax/servlet/ServletSecurityElement.java Modified: trunk/java/javax/servlet/ServletContainerInitializer.java trunk/java/javax/servlet/ServletContext.java trunk/java/javax/servlet/ServletRegistration.java trunk/java/javax/servlet/annotation/WebInitParam.java trunk/java/org/apache/catalina/Wrapper.java trunk/java/org/apache/catalina/core/ApplicationContext.java trunk/java/org/apache/catalina/core/ApplicationContextFacade.java trunk/java/org/apache/catalina/core/LocalStrings.properties trunk/java/org/apache/catalina/core/StandardWrapper.java trunk/java/org/apache/catalina/core/StandardWrapperFacade.java Log: - Today's spec update. - Adds a programmatic API for security, tied to a Servlet. - This forces me to redo the security annotation processing, with the final config now attached to the Wrapper until resolved internally in the Servlet container. - TODO: add the translation in ContextConfig.completeConfig(). Added: trunk/java/javax/servlet/HttpConstraintElement.java =================================================================== --- trunk/java/javax/servlet/HttpConstraintElement.java (rev 0) +++ trunk/java/javax/servlet/HttpConstraintElement.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -0,0 +1,160 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can obtain + * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html + * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt. + * Sun designates this particular file as subject to the "Classpath" exception + * as provided by Sun in the GPL Version 2 section of the License file that + * accompanied this code. If applicable, add the following below the License + * Header, with the fields enclosed by brackets [] replaced by your own + * identifying information: "Portions Copyrighted [year] + * [name of copyright owner]" + * + * Contributor(s): + * + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package javax.servlet; + +import java.util.*; +import javax.servlet.annotation.HttpConstraint; +import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic; +import javax.servlet.annotation.ServletSecurity.TransportGuarantee; + +/** + * Java Class representation of an {@link HttpConstraint} annotation value. + * + * @since Servlet 3.0 + */ +public class HttpConstraintElement { + + private EmptyRoleSemantic emptyRoleSemantic; + private TransportGuarantee transportGuarantee; + private String[] rolesAllowed; + + /** + * Constructs a default HTTP constraint element + */ + public HttpConstraintElement() { + this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT; + this.transportGuarantee = TransportGuarantee.NONE; + rolesAllowed = new String[0]; + } + + /** + * Convenience constructor to establish <tt>EmptyRoleSemantic.DENY</tt> + * + * @param semantic should be EmptyRoleSemantic.DENY + */ + public HttpConstraintElement(EmptyRoleSemantic semantic) { + this.emptyRoleSemantic = semantic; + this.transportGuarantee = TransportGuarantee.NONE; + rolesAllowed = new String[0]; + } + + /** + * Constructor to establish non-empty getRolesAllowed and/or + * <tt>TransportGuarantee.CONFIDENTIAL</tt>. + * + * @param guarantee <tt>TransportGuarantee.NONE</tt> or + * <tt>TransportGuarantee.CONFIDENTIAL</tt> + * @param roleNames the names of the roles that are to be + * allowed access + */ + public HttpConstraintElement(TransportGuarantee guarantee, + String... roleNames) { + this.emptyRoleSemantic = EmptyRoleSemantic.PERMIT; + this.transportGuarantee = guarantee; + this.rolesAllowed = roleNames; + } + + /** + * Constructor to establish all of getEmptyRoleSemantic, + * getRolesAllowed, and getTransportGuarantee. + * + * @param semantic <tt>EmptyRoleSemantic.DENY</tt> or + * <tt>EmptyRoleSemantic.PERMIT</tt> + * @param guarantee <tt>TransportGuarantee.NONE</tt> or + * <tt>TransportGuarantee.CONFIDENTIAL<tt> + * @param roleNames the names of the roles that are to be allowed + * access, or missing if the semantic is <tt>EmptyRoleSemantic.DENY</tt> + */ + public HttpConstraintElement(EmptyRoleSemantic semantic, + TransportGuarantee guarantee, String... roleNames) { + if (semantic == EmptyRoleSemantic.DENY && roleNames.length > 0) { + throw new IllegalArgumentException( + "Deny semantic with rolesAllowed"); + } + this.emptyRoleSemantic = semantic; + this.transportGuarantee = guarantee; + this.rolesAllowed = roleNames; + } + + /** + * Gets the default authorization semantic. + * + * <p>This value is insignificant when <code>getRolesAllowed</code> + * returns a non-empty array, and should not be specified when a + * non-empty array is specified for <tt>getRolesAllowed<tt>. + * + * @return the {@link EmptyRoleSemantic} to be applied when + * <code>getRolesAllowed</code> returns an empty (that is, zero-length) + * array + */ + public EmptyRoleSemantic getEmptyRoleSemantic() { + return this.emptyRoleSemantic; + } + + /** + * Gets the data protection requirement (i.e., whether or not SSL/TLS is + * required) that must be satisfied by the transport connection. + * + * @return the {@link TransportGuarantee} indicating the data + * protection that must be provided by the connection + */ + public TransportGuarantee getTransportGuarantee() { + return this.transportGuarantee; + } + + /** + * Gets the names of the authorized roles. + * + * <p>Duplicate role names appearing in getRolesAllowed are insignificant + * and may be discarded. The String <tt>"*"</tt> has no special meaning + * as a role name (should it occur in getRolesAllowed). + * + * @return a (possibly empty) array of role names. When the + * array is empty, its meaning depends on the value of + * {@link #getEmptyRoleSemantic}. If its value is <tt>DENY</tt>, + * and <code>getRolesAllowed</code> returns an empty array, + * access is to be denied independent of authentication state and + * identity. Conversely, if its value is <code>PERMIT</code>, it + * indicates that access is to be allowed independent of authentication + * state and identity. When the array contains the names of one or + * more roles, it indicates that access is contingent on membership in at + * least one of the named roles (independent of the value of + * {@link #getEmptyRoleSemantic}). + */ + public String[] getRolesAllowed() { + return this.rolesAllowed; + } +} Added: trunk/java/javax/servlet/HttpMethodConstraintElement.java =================================================================== --- trunk/java/javax/servlet/HttpMethodConstraintElement.java (rev 0) +++ trunk/java/javax/servlet/HttpMethodConstraintElement.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -0,0 +1,93 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can obtain + * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html + * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt. + * Sun designates this particular file as subject to the "Classpath" exception + * as provided by Sun in the GPL Version 2 section of the License file that + * accompanied this code. If applicable, add the following below the License + * Header, with the fields enclosed by brackets [] replaced by your own + * identifying information: "Portions Copyrighted [year] + * [name of copyright owner]" + * + * Contributor(s): + * + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package javax.servlet; + +import javax.servlet.annotation.HttpMethodConstraint; + +/** + * Java Class represntation of an {@link HttpMethodConstraint} annotation value. + * + * @since Servlet 3.0 + */ +public class HttpMethodConstraintElement extends HttpConstraintElement { + + private String methodName; + + /** + * Constructs an instance with default {@link HttpConstraintElement} + * value. + * + * @param methodName the name of an HTTP protocol method. The name must + * not be null, or the empty string, and must be a legitimate HTTP + * Method name as defined by RFC 2616 + */ + public HttpMethodConstraintElement(String methodName) { + if (methodName == null || methodName.length() == 0) { + throw new IllegalArgumentException("invalid HTTP method name"); + } + this.methodName = methodName; + } + /** + * Constructs an instance with specified {@link HttpConstraintElement} + * value. + * + * @param methodName the name of an HTTP protocol method. The name must + * not be null, or the empty string, and must be a legitimate HTTP + * Method name as defined by RFC 2616 + * + * @param constraint the HTTPconstraintElement value to assign to the + * named HTTP method + */ + public HttpMethodConstraintElement(String methodName, + HttpConstraintElement constraint) { + super(constraint.getEmptyRoleSemantic(), + constraint.getTransportGuarantee(), + constraint.getRolesAllowed()); + if (methodName == null || methodName.length() == 0) { + throw new IllegalArgumentException("invalid HTTP method name"); + } + this.methodName = methodName; + } + + /** + * Gets the HTTP method name. + * + * @return the Http method name + */ + public String getMethodName() { + return this.methodName; + } +} Added: trunk/java/javax/servlet/MultipartConfigElement.java =================================================================== --- trunk/java/javax/servlet/MultipartConfigElement.java (rev 0) +++ trunk/java/javax/servlet/MultipartConfigElement.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -0,0 +1,133 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can obtain + * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html + * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt. + * Sun designates this particular file as subject to the "Classpath" exception + * as provided by Sun in the GPL Version 2 section of the License file that + * accompanied this code. If applicable, add the following below the License + * Header, with the fields enclosed by brackets [] replaced by your own + * identifying information: "Portions Copyrighted [year] + * [name of copyright owner]" + * + * Contributor(s): + * + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package javax.servlet; + +import javax.servlet.annotation.MultipartConfig; + +/** + * Java Class represntation of an {@link MultipartConfig} annotation value. + * + * @since Servlet 3.0 + */ +public class MultipartConfigElement { + + private String location; + private long maxFileSize; + private long maxRequestSize; + private int fileSizeThreshold; + + /** + * Constructs an instance with defaults for all but location. + * + * @param location defualts to "" if values is null. + */ + public MultipartConfigElement(String location) { + if (location == null) { + this.location = ""; + } + this.maxFileSize = -1L; + this.maxRequestSize = -1L; + this.fileSizeThreshold = 0; + } + + /** + * Constructs an instance with all values specified. + * + * @param location the directory location where files will be stored + * @param maxFileSize the maximum size allowed for uploaded files + * @param maxRequestSize the maximum size allowed for + * multipart/form-data requests + * @param fileSizeThreshold the size threshold after which files will + * be written to disk + */ + public MultipartConfigElement(String location, long maxFileSize, + long maxRequestSize, int fileSizeThreshold) { + if (location == null) { + this.location = ""; + } + this.maxFileSize = maxFileSize; + this.maxRequestSize = maxRequestSize; + this.fileSizeThreshold = fileSizeThreshold; + } + + /** + * Constructs an instance from a {@link MultipartConfig} annotation value. + * + * @param annotation the annotation value + */ + public MultipartConfigElement(MultipartConfig annotation) { + this.location = annotation.location(); + this.fileSizeThreshold = annotation.fileSizeThreshold(); + this.maxFileSize = annotation.maxFileSize(); + this.maxRequestSize = annotation.maxRequestSize(); + } + + /** + * Gets the directory location where files will be stored. + * + * @return the directory location where files will be stored + */ + public String getLocation() { + return this.location; + } + + /** + * Gets the maximum size allowed for uploaded files. + * + * @return the maximum size allowed for uploaded files + */ + public long getMaxFileSize() { + return this.maxFileSize; + } + + /** + * Gets the maximum size allowed for multipart/form-data requests. + * + * @return the maximum size allowed for multipart/form-data requests + */ + public long getMaxRequestSize() { + return this.maxRequestSize; + } + + /** + * Gets the size threshold after which files will be written to disk. + * + * @return the size threshold after which files will be written to disk + */ + public int getFileSizeThreshold() { + return this.fileSizeThreshold; + } +} Modified: trunk/java/javax/servlet/ServletContainerInitializer.java =================================================================== --- trunk/java/javax/servlet/ServletContainerInitializer.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/javax/servlet/ServletContainerInitializer.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -64,18 +64,15 @@ * while at the same time providing a configuration option that would * log them. * - * <p>Implementations of this interface may be declared by a JAR file + * <p>Implementations of this interface must be declared by a JAR file * resource located inside the <tt>META-INF/services</tt> directory and * named for the fully qualified class name of this interface, and will be - * discovered using the runtime's service provider lookup mechanism. - * - * <p>When an application is deployed, the order in which - * ServletContainerInitializer implementations are discovered - * by the runtime's service lookup mechanism must follow the + * discovered using the runtime's service provider lookup mechanism + * or a container specific mechanism that is semantically equivalent to + * it. In either case, ServletContainerInitializer services from web + * fragment JAR files excluded from an absolute ordering must be ignored, + * and the order in which these services are discovered must follow the * application's classloading delegation model. - * Any ServletContainerInitializer implementations declared in - * any of the application's web fragment JAR files that are excluded - * from absolute ordering must be ignored. * * @see javax.servlet.annotation.HandlesTypes * @@ -93,9 +90,8 @@ * startup of the bundling application. If this * <tt>ServletContainerInitializer</tt> is bundled inside a JAR file * outside of any <tt>WEB-INF/lib</tt> directory, but still - * discoverable by the runtime's service provider lookup mechanism, - * its <tt>onStartup</tt> method will be invoked every time an - * application is started. + * discoverable as described above, its <tt>onStartup</tt> method + * will be invoked every time an application is started. * * @param c the Set of application classes that extend, implement, or * have been annotated with the class types specified by the Modified: trunk/java/javax/servlet/ServletContext.java =================================================================== --- trunk/java/javax/servlet/ServletContext.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/javax/servlet/ServletContext.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -1499,6 +1499,28 @@ * @since Servlet 3.0 */ public ClassLoader getClassLoader(); + + + /** + * Declares role names that are tested using <code>isUserInRole</code>. + * + * <p>Roles that are implicitly declared as a result of their use within + * the {@link ServletRegistration.Dynamic#setServletSecurity + * setServletSecurity} or {@link ServletRegistration.Dynamic#setRunAsRole + * setRunAsRole} methods of the {@link ServletRegistration} interface need + * not be declared. + * + * @param roleNames the role names being declared + * + * @throws IllegalArgumentException if any of the argument roleNames is + * null or the empty string + * + * @throws IllegalStateException if the ServletContext has already + * been initialized + * + * @since Servlet 3.0 + */ + public void declareRoles(String... roleNames); } Modified: trunk/java/javax/servlet/ServletRegistration.java =================================================================== --- trunk/java/javax/servlet/ServletRegistration.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/javax/servlet/ServletRegistration.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -78,6 +78,15 @@ public Collection<String> getMappings(); /** + * Gets the name of the runAs role of the Servlet represented by this + * <code>ServletRegistration</code>. + * + * @return the name of the runAs role, or null if the Servlet is + * configured to run as its caller + */ + public String getRunAsRole(); + + /** * Interface through which a {@link Servlet} registered via one of the * <tt>addServlet</tt> methods on {@link ServletContext} may be further * configured. @@ -107,10 +116,60 @@ * @param loadOnStartup the initialization priority of the Servlet * * @throws IllegalStateException if the ServletContext from which - * this dynamic ServletRegistration was obtained has already been + * this ServletRegistration was obtained has already been initialized + */ + public void setLoadOnStartup(int loadOnStartup); + + /** + * Sets the {@link ServletSecurityElement} to be applied to the + * mappings defined for this <code>ServletRegistration</code>. If this + * method is called multiple times, each successive call overrides the + * effects of the former. + * + * @param constraint the {@link ServletSecurityElement} to be applied + * to the patterns mapped to the registration + * + * @throws IllegalArgumentException if <tt>constraint</tt> is null + * + * @throws IllegalStateException if the {@link ServletContext} from + * which this ServletRegistration was obtained has already been + * initialized + */ + public void setServletSecurity(ServletSecurityElement constraint); + + /** + * Sets the {@link MultipartConfigElement} to be applied to the + * mappings defined for this <code>ServletRegistration</code>. If this + * method is called multiple times, each successive call overrides the + * effects of the former. + * + * @param multipartConfig the {@link MultipartConfigElement} to be + * applied to the patterns mapped to the registration + * + * @throws IllegalArgumentException if <tt>multipartConfig</tt> is + * null + * + * @throws IllegalStateException if the {@link ServletContext} from + * which this ServletRegistration was obtained has already been * initialized */ - public void setLoadOnStartup(int loadOnStartup); + public void setMultipartConfig( + MultipartConfigElement multipartConfig); + + /** + * Sets the name of the runAs role for the + * <code>ServletRegistration</code>. + * + * @param roleName + * + * @throws IllegalArgumentException if <tt>roleName</tt> is null + * + * @throws IllegalStateException if the {@link ServletContext} from + * which this ServletRegistration was obtained has already been + * initialized + */ + public void setRunAsRole(String roleName); + } } Added: trunk/java/javax/servlet/ServletSecurityElement.java =================================================================== --- trunk/java/javax/servlet/ServletSecurityElement.java (rev 0) +++ trunk/java/javax/servlet/ServletSecurityElement.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -0,0 +1,189 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2008-2009 Sun Microsystems, Inc. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can obtain + * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html + * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt. + * Sun designates this particular file as subject to the "Classpath" exception + * as provided by Sun in the GPL Version 2 section of the License file that + * accompanied this code. If applicable, add the following below the License + * Header, with the fields enclosed by brackets [] replaced by your own + * identifying information: "Portions Copyrighted [year] + * [name of copyright owner]" + * + * Contributor(s): + * + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package javax.servlet; + +import java.util.*; +import javax.servlet.annotation.HttpMethodConstraint; +import javax.servlet.annotation.ServletSecurity; + +/** + * Java Class represntation of a {@link ServletSecurity} annotation value. + * + * @since Servlet 3.0 + */ +public class ServletSecurityElement extends HttpConstraintElement { + + private Collection<String> methodNames; + private Collection<HttpMethodConstraintElement> methodConstraints; + + /** + * Constructs an instance using the default + * <code>HttpConstraintElement</code> value as the default Constraint + * element and with no HTTP Method specific constraint elements. + */ + public ServletSecurityElement() { + methodConstraints = new HashSet<HttpMethodConstraintElement>(); + methodNames = new HashSet<String>(); + } + + /** + * Constructs an instance with a default Constraint element + * and with no HTTP Method specific constraint elements. + * + * @param constraint the HttpConstraintElement to be + * applied to all HTTP methods other than those represented in the + * <tt>methodConstraints</tt> + */ + public ServletSecurityElement(HttpConstraintElement constraint) { + super(constraint.getEmptyRoleSemantic(), + constraint.getTransportGuarantee(), + constraint.getRolesAllowed()); + methodConstraints = new HashSet<HttpMethodConstraintElement>(); + methodNames = new HashSet<String>(); + } + + /** + * Constructs an instance using the default + * <code>HttpConstraintElement</code> value as the default Constraint + * element and with a collection of HTTP Method specific constraint + * elements. + * + * @param methodConstraints the collection of HTTP method specific + * constraint elements + * + * @throws IllegalArgumentException if duplicate method names are + * detected + */ + public ServletSecurityElement( + Collection<HttpMethodConstraintElement> methodConstraints) { + this.methodConstraints = (methodConstraints == null ? + new HashSet<HttpMethodConstraintElement>() : methodConstraints); + methodNames = checkMethodNames(this.methodConstraints); + } + + /** + * Constructs an instance with a default Constraint element + * and with a collection of HTTP Method specific constraint elements. + * + * @param constraint the HttpConstraintElement to be + * applied to all HTTP methods other than those represented in the + * <tt>methodConstraints</tt> + * @param methodConstraints the collection of HTTP method specific + * constraint elements. + * + * @throws IllegalArgumentException if duplicate method names are + * detected + */ + public ServletSecurityElement(HttpConstraintElement constraint, + Collection<HttpMethodConstraintElement> methodConstraints) { + super(constraint.getEmptyRoleSemantic(), + constraint.getTransportGuarantee(), + constraint.getRolesAllowed()); + this.methodConstraints = (methodConstraints == null ? + new HashSet<HttpMethodConstraintElement>() : methodConstraints); + methodNames = checkMethodNames(this.methodConstraints); + } + + /** + * Constructs an instance from a {@link ServletSecurity} annotation value. + * + * @param annotation the annotation value + * + * @throws IllegalArgumentException if duplicate method names are + * detected + */ + public ServletSecurityElement(ServletSecurity annotation) { + super(annotation.value().value(), + annotation.value().transportGuarantee(), + annotation.value().rolesAllowed()); + this.methodConstraints = new HashSet<HttpMethodConstraintElement>(); + for (HttpMethodConstraint constraint : + annotation.httpMethodConstraints()) { + this.methodConstraints.add( + new HttpMethodConstraintElement( + constraint.value(), + new HttpConstraintElement(constraint.emptyRoleSemantic(), + constraint.transportGuarantee(), + constraint.rolesAllowed()))); + } + methodNames = checkMethodNames(this.methodConstraints); + } + + /** + * Gets the (possibly empty) collection of HTTP Method specific + * constraint elements. + * + * @return the (possibly empty) collection of HttpMethodConstraintElement + * objects + */ + public Collection<HttpMethodConstraintElement> getHttpMethodConstraints() { + return methodConstraints; + } + + /** + * Gets the set of HTTP methid names named by the HttpMethodConstraints. + * + * @return the set of String method names + */ + public Collection<String> getMethodNames() { + return methodNames; + } + + /** + * Checks for duplicate method names in methodConstraints. + * + * @param methodConstraints + * + * @retrun Set of method names + * + * @throws IllegalArgumentException if duplicate method names are + * detected + */ + private Collection<String> checkMethodNames( + Collection<HttpMethodConstraintElement> methodConstraints) { + Collection<String> methodNames = new HashSet<String>(); + for (HttpMethodConstraintElement methodConstraint : + methodConstraints) { + String methodName = methodConstraint.getMethodName(); + if (methodNames.contains(methodName)) { + throw new IllegalArgumentException( + "Duplicate HTTP method name: " + methodName); + } + methodNames.add(methodName); + } + return methodNames; + } +} Modified: trunk/java/javax/servlet/annotation/WebInitParam.java =================================================================== --- trunk/java/javax/servlet/annotation/WebInitParam.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/javax/servlet/annotation/WebInitParam.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -43,7 +43,8 @@ import java.lang.annotation.Documented; /** - * Used to declare init params in servlets in filters + * This annotation is used on a Servlet or Filter implementation class + * to specify an initialization parameter. * * @since Servlet 3.0 */ @@ -51,19 +52,19 @@ @Retention(RetentionPolicy.RUNTIME) @Documented public @interface WebInitParam { + /** - * Name of the init param + * Name of the initialization parameter */ String name(); /** - * Value of the init param - */ - + * Value of the initialization parameter + */ String value(); /** - * Description of the init param + * Description of the initialization parameter */ String description() default ""; } Modified: trunk/java/org/apache/catalina/Wrapper.java =================================================================== --- trunk/java/org/apache/catalina/Wrapper.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/Wrapper.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -22,6 +22,7 @@ import javax.servlet.Servlet; import javax.servlet.ServletException; import javax.servlet.ServletRegistration; +import javax.servlet.ServletSecurityElement; import javax.servlet.UnavailableException; import org.apache.catalina.deploy.Multipart; @@ -423,5 +424,16 @@ */ public void unload() throws ServletException; + + /** + * Set an associated ServletSecurity. + */ + public void setServletSecurity(ServletSecurityElement servletSecurity); + + /** + * Get an associated ServletSecurity, if any. + */ + public ServletSecurityElement getServletSecurity(); + } Modified: trunk/java/org/apache/catalina/core/ApplicationContext.java =================================================================== --- trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -1216,6 +1216,23 @@ return context.getVersionMinor(); } + public void declareRoles(String... roleNames) { + if (restricted) { + throw new UnsupportedOperationException(sm.getString("applicationContext.restricted")); + } + if (context.isInitialized()) { + throw new IllegalStateException(sm.getString("applicationContext.alreadyInitialized", + getContextPath())); + } + for (String role: roleNames) { + if (role == null || "".equals(role)) { + throw new IllegalArgumentException(sm.getString("applicationContext.emptyRole", + getContextPath())); + } + context.addSecurityRole(role); + } + } + // -------------------------------------------------------- Package Methods protected StandardContext getContext() { return this.context; Modified: trunk/java/org/apache/catalina/core/ApplicationContextFacade.java =================================================================== --- trunk/java/org/apache/catalina/core/ApplicationContextFacade.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/core/ApplicationContextFacade.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -653,6 +653,14 @@ } + public void declareRoles(String... roleNames) { + if (SecurityUtil.isPackageProtectionEnabled()) { + doPrivileged("declareRoles", new Object[]{roleNames}); + } else { + context.declareRoles(roleNames); + } + } + /** * Use reflection to invoke the requested method. Cache the method object * to speed up the process Modified: trunk/java/org/apache/catalina/core/LocalStrings.properties =================================================================== --- trunk/java/org/apache/catalina/core/LocalStrings.properties 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/core/LocalStrings.properties 2009-10-09 14:32:58 UTC (rev 1186) @@ -17,6 +17,7 @@ applicationContext.restricted=Listener that attempted to call this method is restricted. applicationContext.attributeEvent=Exception thrown by attributes event listener applicationContext.create=Error creating instance +applicationContext.emptyRole=Invalid empty role specified for context {0} applicationContext.mapping.error=Error during mapping applicationContext.requestDispatcher.iae=Path {0} does not start with a "/" character applicationContext.resourcePaths.iae=Path {0} does not start with a "/" character Modified: trunk/java/org/apache/catalina/core/StandardWrapper.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardWrapper.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/core/StandardWrapper.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -41,6 +41,7 @@ import javax.servlet.ServletRegistration; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import javax.servlet.ServletSecurityElement; import javax.servlet.SingleThreadModel; import javax.servlet.UnavailableException; @@ -218,6 +219,13 @@ * The run-as identity for this servlet. */ protected String runAs = null; + + + /** + * Associated ServletSecurity. + */ + protected ServletSecurityElement servletSecurity = null; + /** * The notification sequence number. @@ -627,8 +635,26 @@ } + + /** + * Get an associated ServletSecurity, if any. + */ + public ServletSecurityElement getServletSecurity() { + return servletSecurity; + } + /** + * Set an associated ServletSecurity. + */ + public void setServletSecurity(ServletSecurityElement servletSecurity) { + ServletSecurityElement oldServletSecurity = this.servletSecurity; + this.servletSecurity = servletSecurity; + support.firePropertyChange("servletSecurity", oldServletSecurity, this.servletSecurity); + } + + + /** * Return the fully qualified servlet class name for this servlet. */ public String getServletClass() { Modified: trunk/java/org/apache/catalina/core/StandardWrapperFacade.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardWrapperFacade.java 2009-10-08 10:44:14 UTC (rev 1185) +++ trunk/java/org/apache/catalina/core/StandardWrapperFacade.java 2009-10-09 14:32:58 UTC (rev 1186) @@ -56,11 +56,14 @@ import java.util.Map; import java.util.Set; +import javax.servlet.MultipartConfigElement; import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import javax.servlet.ServletRegistration; +import javax.servlet.ServletSecurityElement; import org.apache.catalina.Context; +import org.apache.catalina.deploy.Multipart; import org.apache.catalina.util.StringManager; @@ -232,6 +235,27 @@ public String getName() { return wrapper.getName(); } + + + public String getRunAsRole() { + return wrapper.getRunAs(); + } - + public void setRunAsRole(String roleName) { + wrapper.setRunAs(roleName); + } + + public void setServletSecurity(ServletSecurityElement servletSecurity) { + wrapper.setServletSecurity(servletSecurity); + } + + public void setMultipartConfig(MultipartConfigElement multipartConfig) { + Multipart multipart = new Multipart(); + multipart.setLocation(multipartConfig.getLocation()); + multipart.setMaxFileSize(multipartConfig.getMaxFileSize()); + multipart.setMaxRequestSize(multipartConfig.getMaxRequestSize()); + multipart.setFileSizeThreshold(multipartConfig.getFileSizeThreshold()); + wrapper.setMultipartConfig(multipart); + } + }