WebUserDataPermission (Java EE 5)

Java EE API


javax.security.jacc Class WebUserDataPermission

java.lang.Object
  extended by java.security.Permission
      extended by javax.security.jacc.WebUserDataPermission
All Implemented Interfaces:
Serializable, Guard

public final class WebUserDataPermission
extends Permission
implements Serializable

Extends: java.security.Permission
Implements: java.io.Serializable

Servlet Web 用户数据权限的类。WebUserDataPermission 是一种指定权限,它包含各种操作。

WebUserDataPermission 的名称(也称为目标名称)按其相对于上下文路径的 URL 模式标识 Web 资源。

英文文档:

Class for Servlet Web user data permissions. A WebUserDataPermission is a named permission and has actions.

The name of a WebUserDataPermission (also referred to as the target name) identifies a Web resource by its context path relative URL pattern.

Author:
Ron Monzillo, Gary Ellison
See Also:
Permission, Serialized Form

Constructor Summary
 
Method Summary
 boolean
 String
 int
 boolean
 
Methods inherited from class java.security.Permission
 
Methods inherited from class java.lang.Object
 

Constructor Detail

public WebUserDataPermission(String name, String actions)
创建具有指定名称和操作的新 WebUserDataPermission。

名称包含可以标识要应用权限的 Web 资源的 URLPatternSpec。URLPatternSpec 的语法如下:

URLPatternList ::= URLPattern | URLPatternList colon URLPattern

URLPatternSpec ::= null | URLPattern | URLPattern colon URLPatternList

 

null URLPatternSpec 可以通过权限构造方法转换为默认的 URLPattern ("/")。空字符串是一个 exact URLPattern,在 URLPatternSpec 中,只要是 exact URLPattern 可能出现的地方,它都有可能出现。URLPatternSpec 的第一个 URLPattern 可以是任何模式类型:exact、path-prefix、extension 或者默认类型(在 Java Servlet 规范中定义)。如果 URLPatternSpec 包含 URLPatternList,则 URLPatternList 的模式标识未应用权限的资源,并依赖第一个模式的模式类型和值,如下所示:

  • 匹配第一个模式的 URLPatternList 中不存在任何模式。
  • 如果第一个模式是 path-prefix 模式,则 URLPatternList 中只存在匹配第一个模式的 exact 模式和匹配第一个模式(但不同)的 path-prefix 模式。
  • 如果第一个模式是 extension 模式,则 URLPatternList 中只存在匹配第一个模式的 exact 模式和 path-prefix 模式。
  • 如果第一个模式是默认模式 "/",则除默认模式以外的模式都可以出现在 URLPatternList 中。
  • 如果第一个模式是 exact 模式,则 URLPatternList 不得在 URLPatternSpec 中显示。

actions 参数包含以逗号分隔的 HTTP 方法列表,可能后接由冒号分隔的 HTTP 方法的 transportType。

ExtensionMethod ::= any token as defined by RFC 2616
(即 1*[除了 CTL 或分隔符以外的任何字符])

HTTPMethod ::= "Get" | "POST" | "PUT" | "DELETE" | "HEAD" |
"OPTIONS" | "TRACE" | ExtensionMethod

HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod

HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList

HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
HTTPMethodList

transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"

actions ::= null | HTTPMethodSpec | 
HTTPMethodSpec colon transportType

 

如果 HTTPMethodSpec 中出现重复,则必须使用权限构造方法删除。

空字符串 HTTPMethodSpec 是包含所有可能 HTTP 方法的列表的简写。

如果 HTTPMethodSpec 包含 HTTPMethodExceptionList(即它以 exclaimationPoint 开始),则权限将应用于未出现在异常列表中的所有方法。

不带 transportType 的操作字符串是将值 "NONE" 作为其 TransportType 的操作字符串的简写。

表示 transportType 为 "NONE" 的授予权限表示可以使用任何连接类型访问关联资源。

name 标识应用权限的特定于应用程序的 Web 资源的 URLPatternSpec。URLPatternSpec 中的所有 URLPattern 都相对于部署了 Web 应用程序模块的上下文路径,URLPatternSpec 中不得多次出现相同的 URLPattern。null URLPatternSpec 可以通过权限构造方法转换为默认的 URLPattern ("/")。

actions 标识应用权限的传输类型的 HTTP 方法。如果通过此参数传递的值为 null 或空字符串,则构建权限时,使用的操作将对应于所有可能的 HTTP 方法,并且 transportType 为 "NONE"。

英文文档:

WebUserDataPermission

public WebUserDataPermission(String name,
                             String actions)
Creates a new WebUserDataPermission with the specified name and actions.

The name contains a URLPatternSpec that identifies the web resources to which the permissions applies. The syntax of a URLPatternSpec is as follows:

          URLPatternList ::= URLPattern | URLPatternList colon URLPattern

          URLPatternSpec ::= null | URLPattern | URLPattern colon URLPatternList

 

A null URLPatternSpec is translated to the default URLPattern, "/", by the permission constructor. The empty string is an exact URLPattern, and may occur anywhere in a URLPatternSpec that an exact URLPattern may occur. The first URLPattern in a URLPatternSpec may be any of the pattern types, exact, path-prefix, extension, or default as defined in the Java Servlet Specification). When a URLPatternSpec includes a URLPatternList, the patterns of the URLPatternList identify the resources to which the permission does NOT apply and depend on the pattern type and value of the first pattern as follows:

  • No pattern may exist in the URLPatternList that matches the first pattern.
  • If the first pattern is a path-prefix pattern, only exact patterns matched by the first pattern and path-prefix patterns matched by, but different from, the first pattern may occur in the URLPatternList.
  • If the first pattern is an extension pattern, only exact patterns that are matched by the first pattern and path-prefix patterns may occur in the URLPatternList.
  • If the first pattern is the default pattern, "/", any pattern except the default pattern may occur in the URLPatternList.
  • If the first pattern is an exact pattern a URLPatternList must not be present in the URLPatternSpec.

The actions parameter contains a comma separated list of HTTP methods that may be followed by a transportType separated from the HTTP method by a colon.

          ExtensionMethod ::= any token as defined by RFC 2616
                  (that is, 1*[any CHAR except CTLs or separators])

          HTTPMethod ::= "Get" | "POST" | "PUT" | "DELETE" | "HEAD" |
                  "OPTIONS" | "TRACE" | ExtensionMethod

          HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod

          HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList

          HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
                  HTTPMethodList

          transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"

          actions ::= null | HTTPMethodSpec | 
                  HTTPMethodSpec colon transportType

 

If duplicates occur in the HTTPMethodSpec they must be eliminated by the permission constructor.

An empty string HTTPMethodSpec is a shorthand for a List containing all the possible HTTP methods.

If the HTTPMethodSpec contains an HTTPMethodExceptionList (i.e., it begins with an exclaimationPoint), the permission pertains to all methods except those occuring in the exception list.

An actions string without a transportType is a shorthand for a actions string with the value "NONE" as its TransportType.

A granted permission representing a transportType of "NONE", indicates that the associated resources may be accessed using any conection type.

Parameters:
name - the URLPatternSpec that identifies the application specific web resources to which the permission pertains. All URLPatterns in the URLPatternSpec are relative to the context path of the deployed web application module, and the same URLPattern must not occur more than once in a URLPatternSpec. A null URLPatternSpec is translated to the default URLPattern, "/", by the permission constructor.

actions - identifies the HTTP methods and transport type to which the permission pertains. If the value passed through this parameter is null or the empty string, then the permission is constructed with actions corresponding to all the possible HTTP methods and transportType "NONE".


public WebUserDataPermission(String urlPatternSpec, String[] HTTPMethods, String transportType)
创建新 WebUserDataPermission,其名称对应于 URLPatternSpec,其操作由 HTTP 方法的数组和传输类型组成。

urlPatternSpec 标识应用权限的特定于应用程序的 Web 资源的 URLPatternSpec。URLPatternSpec 中的所有 URLPattern 都相对于部署了 Web 应用程序模块的上下文路径,URLPatternSpec 中不得多次出现相同的 URLPattern。null URLPatternSpec 可以通过权限构造方法转换为默认的 URLPattern ("/")。

HTTPMethods 一个字符串数组,其中每个元素都包含一个 HTTP 方法的值。如果通过此参数传递的值为 null,或者是不包含任何元素的数组,则构建权限时,使用的操作对应于所有可能的 HTTP 方法。

transportType 值为 transportType 的 String。如果通过此参数传递的值为 null,则在构建权限时,使用的操作对应于 transportType "NONE"。

英文文档:

WebUserDataPermission

public WebUserDataPermission(String urlPatternSpec,
                             String[] HTTPMethods,
                             String transportType)
Creates a new WebUserDataPermission with name corresponding to the URLPatternSpec, and actions composed from the array of HTTP methods and the transport type.

Parameters:
urlPatternSpec - the URLPatternSpec that identifies the application specific web resources to which the permission pertains. All URLPatterns in the URLPatternSpec are relative to the context path of the deployed web application module, and the same URLPattern must not occur more than once in a URLPatternSpec. A null URLPatternSpec is translated to the default URLPattern, "/", by the permission constructor.

HTTPMethods - an array of strings each element of which contains the value of an HTTP method. If the value passed through this parameter is null or is an array with no elements, then the permission is constructed with actions corresponding to all the possible HTTP methods.

transportType - a String whose value is a transportType. If the value passed through this parameter is null, then the permission is constructed with actions corresponding to transportType "NONE".


public WebUserDataPermission(HttpServletRequest request)
根据 HttpServletRequest 对象创建新的 WebUserDataPermission。

request 对应于应用权限的 Servlet 操作的 HttpServletRequest 对象。权限名称是 contextPath (HttpServletRequest.getContextPath()) 之后 requestURI (HttpServletRequest.getRequestURI()) 所得结果的子字符串。当子字符串操作超过字符串 "/" 时,构造权限过程中将使用空字符串作为其名称。权限操作的 HTTP 方法组件通过 HttpServletRequest.getMethod() 获取。权限操作的 TransportType 组件通过调用 HttpServletRequest.isSecure() 确定。

英文文档:

WebUserDataPermission

public WebUserDataPermission(HttpServletRequest request)
Creates a new WebUserDataPermission from the HttpServletRequest object.

Parameters:
request - the HttpServletRequest object corresponding to the Servlet operation to which the permission pertains. The permission name is the substring of the requestURI (HttpServletRequest.getRequestURI()) that begins after the contextPath (HttpServletRequest.getContextPath()). When the substring operation yields the string "/", the permission is constructed with the empty string as its name. The HTTP method component of the permission's actions is as obtained from HttpServletRequest.getMethod(). The TransportType component of the permission's actions is determined by calling HttpServletRequest.isSecure().

Method Detail

public boolean equals(Object o)
检查两个 WebUserDataPermission 对象是否相等。如果 WebUserDataPermission 对象的 URLPatternSpec 和(规范)操作值相等,则它们相等。如果引用权限 URLPatternSpec 的第一个模式等于参数权限 URLPatternSpec 的第一个模式,并且引用权限整个 URLPatternList 中的模式与参数权限 URLPatternList 中的模式匹配完全相同的模式集合,则这两个权限相等。

当且仅当 P1.implies(P2) && P2.implies(P1) 时,这两个 Permission 对象(P1 和 P2)才是相等的。

o 要测试是否与此 WebUserDataPermission 相等的 WebUserDataPermission 对象

return 如果参数 WebUserDataPermission 对象与此 WebUserDataPermission 相等,则返回 true。

英文文档:

equals

public boolean equals(Object o)
Checks two WebUserDataPermission objects for equality. WebUserDataPermission objects are equivalent if their URLPatternSpec and (canonicalized) actions values are equivalent. The URLPatternSpec of a reference permission is equivalent to that of an argument permission if their first patterns are equivalent, and the patterns of the URLPatternList of the reference permission collectively match exactly the same set of patterns as are matched by the patterns of the URLPatternList of the argument permission.

Two Permission objects, P1 and P2, are equivalent if and only if P1.implies(P2) && P2.implies(P1).

Specified by:
equals in class Permission
Parameters:
o - the WebUserDataPermission object being tested for equality with this WebUserDataPermission.

Returns:
true if the argument WebUserDataPermission object is equivalent to this WebUserDataPermission.

public String getActions()
返回此 WebUserDataPermission 的操作的规范字符串表示形式。下列语法描述介绍了 WebUserDataPermission 操作的规范形式。

ExtensionMethod ::= any token as defined by RFC 2616
(即 1*[除了 CTL 或分隔符以外的任何字符])

HTTPMethod ::= "GET" | "POST" | "PUT" | "DELETE" | "HEAD" |
"OPTIONS" | "TRACE" | ExtensionMethod
          
HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod

HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList

HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
HTTPMethodList

transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"

actions ::= null | HTTPMethodList | 
HTTPMethodSpec colon transportType

 

如果权限的 HTTP 方法对应于整个 HTTP 方法集合,并且权限的传输类型为 "INTEGRAL" 或 "CONFIDENTIAL",则 HTTP 方法应使用 emptyString HTTPMethodSpec 以规范形式表示。如果权限的 HTTP 方法对应于整个 HTTP 方法集合,且权限的传输类型不是 "INTEGRAL" 或 "CONFIDENTIAL",则规范操作值应为 null。

如果权限的方法与整个 HTTP 方法集合不对应,则必须消除重复项目,剩下的元素将按以下顺序排列:预定义的方法位于扩展方法之前,在每个方法分类中,对应的方法按词汇升序排列。所得(非 emptyString)HTTPMethodSpec 必须包含在规范形式中,如果权限传输类型不是 "INTEGRAL" 或 "CONFIDENTIAL",则规范操作的值必须与所得 HTTPMethodSpec 完全相同。

return 包含此 WebUserDataPermission 的规范化操作的字符串(或 null 值)。

英文文档:

getActions

public String getActions()
Returns a canonical String representation of the actions of this WebUserDataPermission. The canonical form of the actions of a WebUserDataPermission is described by the following syntax description.

          ExtensionMethod ::= any token as defined by RFC 2616
                   (that is, 1*[any CHAR except CTLs or separators])

          HTTPMethod ::= "GET" | "POST" | "PUT" | "DELETE" | "HEAD" |
                   "OPTIONS" | "TRACE" | ExtensionMethod
          
          HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod

          HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList

          HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
                  HTTPMethodList

          transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"

          actions ::= null | HTTPMethodList | 
                  HTTPMethodSpec colon transportType

 

If the permission's HTTP methods correspond to the entire HTTP method set and the permission's transport type is "INTEGRAL" or "CONFIDENTIAL", the HTTP methods shall be represented in the canonical form by an emptyString HTTPMethodSpec. If the permission's HTTP methods correspond to the entire HTTP method set, and the permission's transport type is not "INTEGRAL"or "CONFIDENTIAL", the canonical actions value shall be the null value.

If the permission's methods do not correspond to the entire HTTP method set, duplicates must be eliminated and the remaining elements must be ordered such that the predefined methods preceed the extension methods, and such that within each method classification the corresponding methods occur in ascending lexical order. The resulting (non-emptyString) HTTPMethodSpec must be included in the canonical form, and if the permission's transport type is not "INTEGRAL" or "CONFIDENTIAL", the canonical actions value must be exactly the resulting HTTPMethodSpec.

Specified by:
getActions in class Permission
Returns:
a String containing the canonicalized actions of this WebUserDataPermission (or the null value).

public int hashCode()
返回此 WebUserDataPermission 的哈希码值。所返回哈希码的属性必须如下所示:

  • 在 Java 应用程序的生命周期中,每次对 WebUserDataPermission 对象调用 hashCode 方法时,该方法都将返回相同的整数值。应用程序每次对特定 EJBMethod 权限执行 hashCode 所返回的值不必总是相同。
  • 如果根据 equals 方法,两个 WebUserDataPermission 对象相等,那么对这两个 Permission 对象调用 hashCode 方法必须生成相同的整数结果(在应用程序内)。

return 此对象的整数哈希码值。

英文文档:

hashCode

public int hashCode()
Returns the hash code value for this WebUserDataPermission. The properties of the returned hash code must be as follows:

  • During the lifetime of a Java application, the hashCode method shall return the same integer value every time it is called on a WebUserDataPermission object. The value returned by hashCode for a particular EJBMethod permission need not remain consistent from one execution of an application to another.
  • If two WebUserDataPermission objects are equal according to the equals method, then calling the hashCode method on each of the two Permission objects must produce the same integer result (within an application).

Specified by:
hashCode in class Permission
Returns:
the integer hash code value for this object.

public boolean implies(java.security.Permission permission)
确定此 WebUserDataPermission 是否“隐含”参数 Permission。如果是这样,则所有下列各项都必须为 true:

  • 参数是 WebUserDataPermission 的实例。
  • 参数 permission 名称的第一个 URLPattern 匹配此权限名称的第一个 URLPattern。
  • 参数 permission 名称的第一个 URLPattern 不匹配此权限 URLPatternSpec URLPatternList 中的任何 URLPattern。
  • 如果参数 permission 名称的第一个 URLPattern 匹配此权限 URLPatternSpec 中的第一个 URLPattern,那么此权限 URLPatternSpec URLPatternList 中的每个 URLPattern 都匹配参数 permission URLPatternList 中的 URLPattern。
  • 参数 permission 操作所表示的 HTTP 方法是此权限操作所表示的 HTTP 方法的子集。
  • 此权限操作中的 transportType 或者对应于值 "NONE",或者等于参数 permission 的操作中的 transportType。

URLPattern 匹配根据 Servlet 匹配规则 执行,模式匹配的两个 URL 的关系应该满足以下条件:

  • 其模式值为等效的 String;
  • 此模式为 path-prefix 模式 "/*";
  • 此模式为 path-prefix 模式(即以 "/" 开头以 "/*" 结尾),并且参数模式以此模式的子字符串(减去最后 2 个字符)开头,且参数模式的下一个字符为 "/"(如果有);
  • 此模式是 extension 模式(即以 "*." 开头),并且参数模式以此模式结尾;
  • 引用模式是特殊的默认模式 "/",它匹配所有参数模式。

上述所有比较都是区分大小写的。

permission 检查是否隐含参数权限的 "this" WebUserDataPermission。

return 如果对象隐含指定的权限,则返回 true;否则返回 false。

英文文档:

implies

public boolean implies(Permission permission)
Determines if the argument Permission is "implied by" this WebUserDataPermission. For this to be the case all of the following must be true:

  • The argument is an instanceof WebUserDataPermission.
  • The first URLPattern in the name of the argument permission is matched by the first URLPattern in the name of this permission.
  • The first URLPattern in the name of the argument permission is NOT matched by any URLPattern in the URLPatternList of the URLPatternSpec of this permission.
  • If the first URLPattern in the name of the argument permission matches the first URLPattern in the URLPatternSpec of this permission, then every URLPattern in the URLPatternList of the URLPatternSpec of this permission is matched by a URLPattern in the URLPatternList of the argument permission.
  • The HTTP methods represented by the actions of the argument permission are a subset of the HTTP methods represented by the actions of this permission.
  • The transportType in the actions of this permission either corresponds to the value "NONE", or equals the transportType in the actions of the argument permission.

URLPattern matching is performed using the Servlet matching rules where two URL patterns match if they are related as follows:

  • their pattern values are String equivalent, or
  • this pattern is the path-prefix pattern "/*", or
  • this pattern is a path-prefix pattern (that is, it starts with "/" and ends with "/*") and the argument pattern starts with the substring of this pattern, minus its last 2 characters, and the next character of the argument pattern, if there is one, is "/", or
  • this pattern is an extension pattern (that is, it starts with "*.") and the argument pattern ends with this pattern, or
  • the reference pattern is the special default pattern, "/", which matches all argument patterns.

All of the comparisons described above are case sensitive.

Specified by:
implies in class Permission
Parameters:
permission - "this" WebUserDataPermission is checked to see if it implies the argument permission.

Returns:
true if the specified permission is implied by this object, false if not.


Submit a bug or feature

Copyright 2007 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.

一看就知道只有菜鸟才干这么无知的事啦。

PS : 未经我党受权你也可自由散发此文档。 如有任何错误请自行修正;若因此而造成任何损失请直接找人民主席,请勿与本人联系。谢谢!