Version 4.10.0

hirondelle.web4j.security
Class UntrustedProxyForUserIdImpl

Object
  extended by hirondelle.web4j.security.UntrustedProxyForUserIdImpl
All Implemented Interfaces:
UntrustedProxyForUserId

public final class UntrustedProxyForUserIdImpl
extends Object
implements UntrustedProxyForUserId

Default implementation of UntrustedProxyForUserId.

This implementation depends on settings in web.xml, which are read in on startup. Later, each request URL is parsed by usesUntrustedIdentifier(RequestParser), and an attempt is made to find a match to the aforementioned settings in web.xml.

This class uses settings in web.xml to define requests having ownership constraints that use an untrusted proxy for the user id. The style is roughly similar to that used for role-based constraints. Here is an example of several such ownership constraints defined in web.xml:

<init-param>
  <description>
    Operations having an ownership constraint that uses an untrusted identifier. 
  </description>
  <param-name>UntrustedProxyForUserId</param-name>
  <param-value>
    FoodAction.*
    VacationAction.add
    VacationAction.delete
  </param-value>
</init-param>

Each line is treated as a separate constraint. You can define as many as required. The period character separates the 'noun' (the Action) from the 'verb' (the Operation).

The special '*' character refers to all verbs/operations attached to a given noun/action.


Field Summary
static String ALL_OPERATIONS
          Special character denoting all operations/verbs.
 
Constructor Summary
UntrustedProxyForUserIdImpl()
           
 
Method Summary
 boolean usesUntrustedIdentifier(RequestParser aRequestParser)
          Return true only if the given request matches one of the items defined by the UntrustedProxyForUserId setting in web.xml.
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ALL_OPERATIONS

public static final String ALL_OPERATIONS
Special character denoting all operations/verbs.

See Also:
Constant Field Values
Constructor Detail

UntrustedProxyForUserIdImpl

public UntrustedProxyForUserIdImpl()
Method Detail

usesUntrustedIdentifier

public boolean usesUntrustedIdentifier(RequestParser aRequestParser)
Return true only if the given request matches one of the items defined by the UntrustedProxyForUserId setting in web.xml.

For example, given the URL:

'.../VacationAction.list?X=Y'

this method will parse the URL into a 'noun' and a 'verb':

noun: 'VacationAction'
verb: 'list'

It will then compare the noun-and-verb to the settings defined in web.xml. If there's a match, then this method returns true.

Specified by:
usesUntrustedIdentifier in interface UntrustedProxyForUserId
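
The noun-and-verb matching described above, as an added example that is not WEB4J's own source. It takes a plain URL string instead of a RequestParser; the class name OwnershipConstraintDemo and its parsing rules (the noun.verb pair is the last path segment, split at the first period) are assumptions.

```java
import java.util.LinkedHashSet;
import java.util.Set;

/** Added illustration only, not WEB4J source. Names other than ALL_OPERATIONS are hypothetical. */
public final class OwnershipConstraintDemo {
  static final String ALL_OPERATIONS = "*";
  private final Set<String> constraints = new LinkedHashSet<>();

  /** Parse the raw param-value text: one 'Noun.verb' constraint per line. */
  OwnershipConstraintDemo(String paramValue) {
    for (String line : paramValue.split("\\R")) {
      String item = line.trim();
      if (item.isEmpty()) continue;
      int dot = item.indexOf('.');
      // Reject malformed entries at startup rather than silently never matching.
      if (dot <= 0 || dot != item.lastIndexOf('.') || dot == item.length() - 1) {
        throw new IllegalArgumentException("Expected Noun.verb, got: " + item);
      }
      constraints.add(item);
    }
  }

  /** True only if the URL's noun-and-verb matches a configured constraint. */
  boolean usesUntrustedIdentifier(String url) {
    int query = url.indexOf('?');
    String path = (query >= 0) ? url.substring(0, query) : url;
    String last = path.substring(path.lastIndexOf('/') + 1); // e.g. VacationAction.list
    int dot = last.indexOf('.');
    if (dot <= 0 || dot == last.length() - 1) return false; // no noun/verb pair
    String noun = last.substring(0, dot);
    String verb = last.substring(dot + 1);
    return constraints.contains(noun + "." + verb)
        || constraints.contains(noun + "." + ALL_OPERATIONS);
  }

  public static void main(String[] args) {
    // Constructed sample input: the param-value text from the web.xml example above.
    String setting = "\n    FoodAction.*\n    VacationAction.add\n    VacationAction.delete\n  ";
    OwnershipConstraintDemo demo = new OwnershipConstraintDemo(setting);
    String[] urls = {
      "/app/VacationAction.list?X=Y",    // verb not among the configured constraints
      "/app/VacationAction.delete?Id=7", // configured explicitly
      "/app/FoodAction.show?Id=3"        // covered by FoodAction.*
    };
    for (String url : urls) {
      System.out.println(url + " -> " + demo.usesUntrustedIdentifier(url));
    }
  }
}
```

Because an operation that is not listed simply does not match, a misspelled entry leaves that operation without its ownership constraint; the example therefore validates each entry's shape when the setting is read.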


Copyright Hirondelle Systems. Published October 19, 2013.