Produced by Araxis Merge on 12/5/2017 12:06:46 PM Central Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm | SecurityConstraintAuthorizationList.java | Mon Dec 4 21:35:12 2017 UTC |
| 2 | IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm | SecurityConstraintAuthorizationList.java | Mon Dec 4 22:03:45 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 234 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /** | |
| 2 | * | |
| 3 | */ | |
| 4 | package go v.va.med.i maging.tom cat.vistar ealm; | |
| 5 | ||
| 6 | import jav a.util.Arr ayList; | |
| 7 | import jav a.util.Lis t; | |
| 8 | ||
| 9 | import org .apache.to mcat.util. descriptor .web.Secur ityConstra int; | |
| 10 | import org .apache.lo gging.log4 j.LogManag er; | |
| 11 | import org .apache.lo gging.log4 j.Logger; | |
| 12 | ||
| 13 | /** | |
| 14 | * @author
|
|
| 15 | * | |
| 16 | * This cl ass implem ents part of the req uirements of Section 12.8.1 of the servl et spec v 2.4 | |
| 17 | * | |
| 18 | * Section 12.8.1: | |
| 19 | * "When a url-patte rn and htt p-method p air occurs in multip le securit y constrai nts, the c onstraints (on the p attern and method) a re defined by combin ing the in dividual | |
| 20 | * constra ints. The rules for combining constraint s in which the same pattern an d method o ccur are a s follows: | |
| 21 | * | |
| 22 | * The com bination o f authoriz ation cons traints th at name ro les or tha t imply ro les via th e name “*” shall yie ld the uni on of the role names in the in dividual | |
| 23 | * constra ints as pe rmitted ro les. | |
| 24 | * A secur ity constr aint that does not c ontain an authorizat ion constr aint shall combine w ith author ization co nstraints that name or imply r oles to | |
| 25 | * allow u nauthentic ated acces s. | |
| 26 | * The spe cial case of an auth orization constraint that name s no roles shall com bine with any other constraint s to overr ide their affects an d cause | |
| 27 | * access to be prec luded. | |
| 28 | */ | |
| 29 | public cla ss Securit yConstrain tAuthoriza tionList<T extends S ecurityCon straint> | |
| 30 | extends Ar rayList<T> | |
| 31 | { | |
| 32 | pr ivate stat ic final l ong serial VersionUID = -462267 7800189536 16L; | |
| 33 | pr ivate Logg er logger = LogManag er.getLogg er(this.ge tClass()); | |
| 34 | ||
| 35 | pu blic Secur ityConstra intAuthori zationList (T[] secur ityConstra ints) | |
| 36 | { | |
| 37 | supe r(); | |
| 38 | ||
| 39 | for( T securit yConstrain t: securit yConstrain ts ) | |
| 40 | add(se curityCons traint); | |
| 41 | } | |
| 42 | ||
| 43 | /* * | |
| 44 | * | |
| 45 | * @return | |
| 46 | * / | |
| 47 | pu blic boole an isDenyA llAccess() | |
| 48 | { | |
| 49 | for( T securit yConstrain t: this ) | |
| 50 | // if there is a n auth-con straint an d it has n o roles th en deny al l access | |
| 51 | if( se curityCons traint.get AuthConstr aint() && securityCo nstraint.f indAuthRol es() != nu ll && secu rityConstr aint.findA uthRoles() .length == 0 ) | |
| 52 | { | |
| 53 | logger.d ebug("isDe nyAllAcces s returns true, key security c onstraint is '" + se curityCons traint.get DisplayNam e() + "'") ; | |
| 54 | return t rue; | |
| 55 | } | |
| 56 | logg er.debug(" isDenyAllA ccess retu rns false" ); | |
| 57 | retu rn false; | |
| 58 | } | |
| 59 | ||
| 60 | pu blic boole an isAllow Unauthenti catedAcces s() | |
| 61 | { | |
| 62 | bool ean allowU nauthentic atedAccess = false; | |
| 63 | for( T securit yConstrain t: this ) | |
| 64 | { | |
| 65 | // if there is a n auth-con straint an d it has n o roles th en deny al l access | |
| 66 | if( se curityCons traint.get AuthConstr aint() && securityCo nstraint.f indAuthRol es() != nu ll && secu rityConstr aint.findA uthRoles() .length == 0 ) | |
| 67 | { | |
| 68 | logger.d ebug("isAl lowUnauthe nticatedAc cess retur ns false, key securi ty constra int is '" + security Constraint .getDispla yName() + "'"); | |
| 69 | return f alse; | |
| 70 | } | |
| 71 | ||
| 72 | if( se curityCons traint.get AuthConstr aint() && securityCo nstraint.f indAuthRol e("*") ) | |
| 73 | allowUna uthenticat edAccess = true; | |
| 74 | } | |
| 75 | logg er.debug(" isAllowUna uthenticat edAccess r eturns " + allowUnau thenticate dAccess); | |
| 76 | retu rn allowUn authentica tedAccess; | |
| 77 | } | |
| 78 | ||
| 79 | pu blic boole an isAnyRo leAllowedA ccess(List <String> r oles) | |
| 80 | { | |
| 81 | Stri ng[] roleA rray = new String[ro les.size() ]; | |
| 82 | retu rn isAnyRo leAllowedA ccess(role s.toArray( roleArray) ); | |
| 83 | } | |
| 84 | ||
| 85 | pu blic boole an isAnyRo leAllowedA ccess(Stri ng[] roles ) | |
| 86 | { | |
| 87 | bool ean allowA ccess = fa lse; | |
| 88 | for( T securit yConstrain t: this ) | |
| 89 | { | |
| 90 | // if there is a n auth-con straint an d it has n o roles th en deny al l access | |
| 91 | if( se curityCons traint.get AuthConstr aint() && securityCo nstraint.f indAuthRol es() != nu ll && secu rityConstr aint.findA uthRoles() .length == 0 ) | |
| 92 | { | |
| 93 | logger.d ebug("isAn yRoleAllow edAccess r eturns fal se, key se curity con straint is '" + secu rityConstr aint.getDi splayName( ) + "'"); | |
| 94 | return f alse; | |
| 95 | } | |
| 96 | if( se curityCons traint.get AuthConstr aint() && securityCo nstraint.f indAuthRol e("*") ) | |
| 97 | { | |
| 98 | logger.d ebug("isAn yRoleAllow edAccess, found wild card secur ity constr aint '" + securityCo nstraint.g etDisplayN ame() + "' "); | |
| 99 | allowAcc ess = true ; | |
| 100 | } | |
| 101 | ||
| 102 | // che ck for eac h of the r oles, if a ny are lis ted then g rant acces s | |
| 103 | for(St ring role: roles) | |
| 104 | { | |
| 105 | logger.d ebug("isAn yRoleAllow edAccess, checking r ole '" + r ole + "'") ; | |
| 106 | if( secu rityConstr aint.getAu thConstrai nt() && se curityCons traint.fin dAuthRole( role) ) | |
| 107 | { | |
| 108 | logger.deb ug("isAnyR oleAllowed Access, fo und securi ty constra int '" + s ecurityCon straint.ge tDisplayNa me() + "' matching r ole '" + r ole + "'") ; | |
| 109 | allowAcces s = true; | |
| 110 | } | |
| 111 | } | |
| 112 | } | |
| 113 | ||
| 114 | logg er.debug(" isAnyRoleA llowedAcce ss returns " + allow Access + " '" ); | |
| 115 | retu rn allowAc cess; | |
| 116 | } | |
| 117 | ||
| 118 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.