View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.util.List;
22  import java.util.Set;
23  
24  public interface ConstraintAware
25  {
26      List<ConstraintMapping> getConstraintMappings();
27      Set<String> getRoles();
28      
29      /* ------------------------------------------------------------ */
30      /** Set Constraint Mappings and roles.
31       * Can only be called during initialization.
32       * @param constraintMappings the mappings
33       * @param roles the roles
34       */
35      void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles);
36      
37      /* ------------------------------------------------------------ */
38      /** Add a Constraint Mapping.
39       * May be called for running webapplication as an annotated servlet is instantiated.
40       * @param mapping the mapping
41       */
42      void addConstraintMapping(ConstraintMapping mapping);
43      
44      
45      /* ------------------------------------------------------------ */
46      /** Add a Role definition.
47       * May be called on running webapplication as an annotated servlet is instantiated.
48       * @param role the role
49       */
50      void addRole(String role);
51      
52      /**
53       * See Servlet Spec 31, sec 13.8.4, pg 145
54       * When true, requests with http methods not explicitly covered either by inclusion or omissions
55       * in constraints, will have access denied.
56       * @param deny true for denied method access
57       */
58      void setDenyUncoveredHttpMethods(boolean deny);
59      
60      boolean isDenyUncoveredHttpMethods();
61      
62      /**
63       * See Servlet Spec 31, sec 13.8.4, pg 145
64       * Container must check if there are urls with uncovered http methods
65       * @return true if urls with uncovered http methods
66       */
67      boolean checkPathsWithUncoveredHttpMethods();
68  }