以编程方式从web.xml检索安全性约束 [英] programmatically retrieve security constraints from web.xml

问题描述

是否有可能从web.xml获取约束列表？

Is there any possiblity to obtain the list of constraints from web.xml ?

 <security-constraint>
    <web-resource-collection>
        <web-resource-name>admin</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
 </security-constraint>

更好的是有一种编程方式来添加新约束吗？

Even better is there a programmatic way to add new constraints ?

谢谢，
Victor

Thanks, Victor

推荐答案

如果您有 ServletContainerInitializer ，在其 onStartup（）方法中，您基本上可以执行容器在解析web.xml时所执行的操作。例如：？

If you have a ServletContainerInitializer, in its onStartup() method, you would basically do what your container does when it parses your web.xml. For example:

@Override
public void onStartup(Set<Class<?>> classes, ServletContext ctx) throws ServletException {
    ServletRegistration.Dynamic servlet = ctx.addServlet("myServlet", "com.package.myServlet"); // loop through classes set to find all your servlets
    HttpConstraintElement constraint = new HttpConstraintElement(); // many constructors with options
    ServletSecurityElement securityElement = new ServletSecurityElement(constraint); // many different constructors
    servlet.setServletSecurity(securityElement);
}

我为所有种类评论过的构造函数中有很多选项配置，甚至通过servlet 3.0 安全注释。我会让你发现它们。

There are a lot of options in the constructors I've commented for all sorts of configurations, even through the servlet 3.0 security annotations. I'll let you discover them all.

至于初始化后添加新约束， setServletSecurity（） 表示：

As for adding new constraints after initialization, the javadoc for setServletSecurity() says:

* @throws IllegalStateException if the {@link ServletContext} from
* which this <code>ServletRegistration</code> was obtained has
* already been initialized

我找不到任何获取清单的信息通过 ServletContext 接口的约束，但你总是可以自己解析web.xml。

I couldn't find anything for obtaining a list of constraints through ServletContext interface, but you can always parse the web.xml yourself.

这篇关于以编程方式从web.xml检索安全性约束的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！