Is there any possiblity to obtain the list of constraints from web.xml ?
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Even better is there a programmatic way to add new constraints ?
Thanks, Victor
如果你有一个ServletContainerInitializer, 在它的onStartup()方法中,你基本上会做你的容器在解析你的 web.xml 时所做的事情。例如:
@Override
public void onStartup(Set<Class<?>> classes, ServletContext ctx) throws ServletException {
ServletRegistration.Dynamic servlet = ctx.addServlet("myServlet", "com.package.myServlet"); // loop through classes set to find all your servlets
HttpConstraintElement constraint = new HttpConstraintElement(); // many constructors with options
ServletSecurityElement securityElement = new ServletSecurityElement(constraint); // many different constructors
servlet.setServletSecurity(securityElement);
}
我为各种配置评论的构造函数中有很多选项,甚至通过 servlet 3.0安全注释。我会让你发现它们。
至于在初始化后添加新约束,javadoc forsetServletSecurity()说:
* @throws IllegalStateException if the {@link ServletContext} from
* which this <code>ServletRegistration</code> was obtained has
* already been initialized
我找不到通过ServletContext接口获取约束列表的任何东西,但您始终可以自己解析 web.xml。
根据注释和部署描述符上的 Servlet 3.0,没有提到以security-constraints编程方式添加新内容。因此,我怀疑您是否可以以编程方式添加安全约束。