1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.security; 20 21 import java.util.List; 22 import java.util.Set; 23 24 public interface ConstraintAware 25 { 26 List<ConstraintMapping> getConstraintMappings(); 27 Set<String> getRoles(); 28 29 /* ------------------------------------------------------------ */ 30 /** Set Constraint Mappings and roles. 31 * Can only be called during initialization. 32 * @param constraintMappings the mappings 33 * @param roles the roles 34 */ 35 void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles); 36 37 /* ------------------------------------------------------------ */ 38 /** Add a Constraint Mapping. 39 * May be called for running webapplication as an annotated servlet is instantiated. 40 * @param mapping the mapping 41 */ 42 void addConstraintMapping(ConstraintMapping mapping); 43 44 45 /* ------------------------------------------------------------ */ 46 /** Add a Role definition. 47 * May be called on running webapplication as an annotated servlet is instantiated. 48 * @param role the role 49 */ 50 void addRole(String role); 51 52 /** 53 * See Servlet Spec 31, sec 13.8.4, pg 145 54 * When true, requests with http methods not explicitly covered either by inclusion or omissions 55 * in constraints, will have access denied. 56 * @param deny true for denied method access 57 */ 58 void setDenyUncoveredHttpMethods(boolean deny); 59 60 boolean isDenyUncoveredHttpMethods(); 61 62 /** 63 * See Servlet Spec 31, sec 13.8.4, pg 145 64 * Container must check if there are urls with uncovered http methods 65 * @return true if urls with uncovered http methods 66 */ 67 boolean checkPathsWithUncoveredHttpMethods(); 68 }