Object
  hirondelle.web4j.security.UntrustedProxyForUserIdImpl

public final class UntrustedProxyForUserIdImpl

Default implementation of UntrustedProxyForUserId.

This implementation depends on settings in web.xml, which are read in on startup.
Later, each request URL is parsed by usesUntrustedIdentifier(RequestParser), and an attempt is made to find a match to the aforementioned settings in web.xml.
This class uses settings in web.xml to define requests having ownership constraints that use an untrusted proxy for the user id. The style is roughly similar to that used for role-based constraints. Here is an example of several such ownership constraints defined in web.xml:
<init-param>
  <description>
    Operations having an ownership constraint that uses an untrusted identifier.
  </description>
  <param-name>UntrustedProxyForUserId</param-name>
  <param-value>
    FoodAction.*
    VacationAction.add
    VacationAction.delete
  </param-value>
</init-param>
Each line is treated as a separate constraint. You can define as many as required.
The period character separates the 'noun' (the Action) from the 'verb' (the Operation).
The special '*' character refers to all verbs/operations attached to a given noun/action.
Field Summary | |
---|---|
static String | ALL_OPERATIONS: Special character denoting all operations/verbs. |
Constructor Summary | |
---|---|
UntrustedProxyForUserIdImpl() | |
Method Summary | |
---|---|
boolean | usesUntrustedIdentifier(RequestParser aRequestParser): Return true only if the given request matches one of the items defined by the UntrustedProxyForUserId setting in web.xml. |
Methods inherited from class Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String ALL_OPERATIONS
Constructor Detail |
---|
public UntrustedProxyForUserIdImpl()
Method Detail |
---|
public boolean usesUntrustedIdentifier(RequestParser aRequestParser)
For example, given the URL:
'.../VacationAction.list?X=Y'
this method will parse the URL into a 'noun' and a 'verb':
noun: 'VacationAction'
verb: 'list'
It will then compare the noun-and-verb to the settings defined in web.xml. If there's a match, then this method returns true.
Specified by: usesUntrustedIdentifier in interface UntrustedProxyForUserId
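
The matching rule described above, written out as a stand-alone sketch. This is an added example, not WEB4J source code: the class name OwnershipConstraintDemo, the parse and matches helpers, the sample URLs, and the handling of blank lines and of ';' path parameters are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Added illustration only; not WEB4J source. All names here are hypothetical. */
public final class OwnershipConstraintDemo {
  static final String ALL_OPERATIONS = "*";

  /** Parses the param-value text: one 'Noun.verb' constraint per line. */
  static Map<String, Set<String>> parse(String paramValue) {
    Map<String, Set<String>> constraints = new HashMap<>();
    for (String line : paramValue.split("\\R")) {
      String item = line.trim();
      if (item.isEmpty()) continue; // assumption: blank lines are ignored
      int dot = item.indexOf('.');
      if (dot <= 0 || dot == item.length() - 1) {
        // Fail at startup rather than silently dropping a constraint.
        throw new IllegalArgumentException("Expected Noun.verb, got: " + item);
      }
      constraints.computeIfAbsent(item.substring(0, dot), k -> new HashSet<>())
          .add(item.substring(dot + 1));
    }
    return constraints;
  }

  /** Returns true only if the URL's noun and verb match a constraint. */
  static boolean matches(Map<String, Set<String>> constraints, String url) {
    String path = url.split("[?;#]", 2)[0]; // drop query, path params, fragment
    String last = path.substring(path.lastIndexOf('/') + 1);
    int dot = last.indexOf('.');
    if (dot <= 0) return false; // no noun.verb in the last path segment
    Set<String> verbs = constraints.get(last.substring(0, dot));
    return verbs != null
        && (verbs.contains(ALL_OPERATIONS) || verbs.contains(last.substring(dot + 1)));
  }

  public static void main(String[] args) {
    // The setting shown on this page, as it would be read from web.xml.
    Map<String, Set<String>> constraints =
        parse("\n  FoodAction.*\n  VacationAction.add\n  VacationAction.delete\n");
    // Constructed sample URLs.
    String[] urls = {
      "/app/VacationAction.list?X=Y", "/app/VacationAction.delete?Id=7",
      "/app/FoodAction.change;jsessionid=ABC?Id=7", "/app/vacationaction.delete?Id=7"
    };
    for (String url : urls) {
      System.out.println(url + " -> " + matches(constraints, url));
    }
  }
}
```

In this sketch the match is case-sensitive and opt-in: VacationAction.list and the lower-case variant are not matched, so an operation is flagged only when it is listed explicitly or covered by a '*' entry.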