package com.technoetic.xplanner.security.config;

import com.technoetic.xplanner.security.SecurityHelper;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

/**
 * One security constraint: a set of web resource collections it covers and
 * the auth constraints (role names) a request must satisfy.
 *
 * <p>{@link #isApplicable} answers "does this constraint cover the request?"
 * and {@link #isAuthorized} answers "may the requester proceed?". The two
 * checks are independent; nothing in this class calls one from the other, so
 * the caller decides how to combine them.
 */
public class SecurityConstraint {
    // Raw lists: elements are WebResourceCollection / AuthConstraint instances
    // respectively, as added through the add* methods below.
    private ArrayList webResourceCollections = new ArrayList();
    private ArrayList authConstraints = new ArrayList();
    private String displayName;

    /**
     * Registers a resource collection that this constraint covers.
     *
     * @param collection the collection to append
     */
    public void addWebResourceCollection(WebResourceCollection collection) {
        webResourceCollections.add(collection);
    }

    /**
     * Registers an auth constraint whose role names grant access.
     *
     * @param authConstraint the constraint to append
     */
    public void addAuthConstraint(AuthConstraint authConstraint) {
        authConstraints.add(authConstraint);
    }

    /**
     * @return the display name, or {@code null} if none was set
     */
    public String getDisplayName() {
        return displayName;
    }

    /**
     * @param displayName the display name for this constraint
     */
    public void setDisplayName(String displayName) {
        this.displayName = displayName;
    }

    /**
     * Returns the live backing list of resource collections, not a copy:
     * changes made through the returned collection change this constraint.
     *
     * @return the registered {@code WebResourceCollection} objects
     */
    public Collection getWebResourceCollection() {
        return webResourceCollections;
    }

    /**
     * Returns the live backing list of auth constraints, not a copy:
     * changes made through the returned collection change which roles
     * {@link #isAuthorized} accepts.
     *
     * @return the registered {@code AuthConstraint} objects
     */
    public Collection getAuthConstraints() {
        return authConstraints;
    }

    /**
     * Tells whether this constraint covers the given request.
     *
     * @param request the incoming request
     * @return {@code true} as soon as one registered resource collection
     *         matches; {@code false} if none matches or none is registered
     */
    public boolean isApplicable(HttpServletRequest request) {
        for (Iterator it = getWebResourceCollection().iterator(); it.hasNext();) {
            WebResourceCollection candidate = (WebResourceCollection) it.next();
            if (candidate.matches(request)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the requester satisfies at least one role name of at
     * least one auth constraint.
     *
     * <p>The result is {@code false} when no auth constraint is registered or
     * when the registered ones list no role names, so a constraint without
     * roles authorizes nobody.
     *
     * @param request the incoming request
     * @return {@code true} on the first role name that grants access,
     *         otherwise {@code false}
     */
    public boolean isAuthorized(HttpServletRequest request) {
        for (Iterator constraintIt = getAuthConstraints().iterator(); constraintIt.hasNext();) {
            AuthConstraint constraint = (AuthConstraint) constraintIt.next();
            for (Iterator roleIt = constraint.getRoleNames().iterator(); roleIt.hasNext();) {
                String role = (String) roleIt.next();
                if (grantsAccess(request, role)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Evaluates a single role name against the request.
     *
     * <p>The role name {@code "*"} is accepted whenever
     * {@code SecurityHelper.getSubject(request)} is non-null, without any
     * role-membership check (presumably "any authenticated user"; confirm
     * against SecurityHelper). Every other outcome is decided by
     * {@code SecurityHelper.isUserInRole}.
     */
    private boolean grantsAccess(HttpServletRequest request, String role) {
        // Order matters: the subject lookup runs first, the wildcard test only
        // when a subject exists, and the role lookup only if that did not match.
        boolean wildcardForSubject =
            SecurityHelper.getSubject(request) != null && role.equals("*");
        return wildcardForSubject || SecurityHelper.isUserInRole(request, role);
    }
}