if(constraints != null)
{
for(SecurityConstraintMetaData sc : constraints)
{
WebResourceCollectionsMetaData resources = sc.getResourceCollections();
TransportGuaranteeType transport = sc.getTransportGuarantee();
if( sc.isExcluded() || sc.isUnchecked() )
{
// Process the permissions for the excluded/unchecked resources
if(resources != null)
for(WebResourceCollectionMetaData wrc : resources)
{
List<String> httpMethods = wrc.getHttpMethods();
List<String> urlPatterns = wrc.getUrlPatterns();
int length = urlPatterns != null ? urlPatterns.size() : 0;
for(int n = 0; n < length; n ++)
{
String url = urlPatterns.get(n);
PatternInfo info = (PatternInfo) patternMap.get(url);
// Add the excluded methods
if( sc.isExcluded() )
{
info.addExcludedMethods(httpMethods);
}
}
}
}
else
{
// Process the permission for the resources x roles
if(resources != null)
for(WebResourceCollectionMetaData wrc : resources)
{
List<String> httpMethods = wrc.getHttpMethods();
List<String> urlPatterns = wrc.getUrlPatterns();
int length = urlPatterns != null ? urlPatterns.size() : 0;
for(int n = 0; n < length; n ++)
{
String url = urlPatterns.get(n);
// Get the qualified url pattern
PatternInfo info = (PatternInfo) patternMap.get(url);
HashSet<String> mappedRoles = new HashSet<String>();
if(sc.getRoleNames() != null)
for(String role : sc.getRoleNames())
{
if( role.equals("*") )
{
//JBAS-1824: Allow "*" to provide configurable authorization bypass
if(metaData.isJaccAllStoreRole())
mappedRoles.add("*");
else
{
// The wildcard ref maps to all declared security-role names
for(SecurityRoleMetaData srmd : metaData.getSecurityRoles())
{
role = srmd.getRoleName();
mappedRoles.add(role);
}
}
}
else
{
mappedRoles.add(role);
}
}
info.addRoles(mappedRoles, httpMethods);
// Add the transport to methods
info.addTransport(transport.name(), httpMethods);
//SECURITY-63: Missing auth-constraint needs unchecked policy
if(sc.getAuthConstraint() == null)
info.isMissingAuthConstraint = true;
}
}