Package org.glassfish.embeddable.web.config

Class SecurityConstraint

  • public class SecurityConstraint
extends Object
    Class used for configuring security constraints including Web Resource Collections (URL patterns, HTTP methods), Authorization Constraint (role names) and User Data Constraints (whether the web request needs to be received over a protected transport such as TLS).

    Usage example: 

          SecurityConstraint securityConstraint = new SecurityConstraint();
      securityConstraint.setWebResourceCollection(webResources);
      securityConstraint.setAuthConstraint("ADMINISTRATORS");
      securityConstraint.setUserDataConstraint(TransportGuarantee.CONFIDENTIAL);
    Author:
    Rajiv Mordani, Amy Roh
    See Also:
    WebResourceCollection

    • Constructor Detail

      • SecurityConstraint

        public SecurityConstraint()
        Create an instance of SecurityConstraint

    • Method Detail

      • setWebResourceCollection

        public void setWebResourceCollection​(Set<WebResourceCollection> webResourceCollection)
        Sets the web resource collection associated with this security constrint
        Parameters:
        webResourceCollection - the web resource collection for this constraint definition
        See Also:
        WebResourceCollection

      • getWebResourceCollection

        public Set<WebResourceCollection> getWebResourceCollection()
        Gets the web resource collection for this security constraint
        Returns:
        the web resource collection for this security constraint
        See Also:
        WebResourceCollection

      • setAuthConstraint

        public void setAuthConstraint​(String... roleNames)
        Sets the roles authorized to access the URL patterns and HTTP methods
        Parameters:
        roleNames - the roles authorized to access the url patterns and HTTP methods.

      • setUserDataConstraint

        public void setUserDataConstraint​(TransportGuarantee tg)
        Sets the requirement that the constrained requests be received over a protected transport layer connection. This guarantees how the data will be transported between client and server. The choices for type of transport guarantee include NONE, INTEGRAL, and CONFIDENTIAL. If no user data constraint applies to a request, the container must accept the request when received over any connection, including an unprotected one.
        Parameters:
        tg - the transport guarntee
        See Also:
        TransportGuarantee

      • getAuthConstraint

        public String[] getAuthConstraint()
        Gets the roles authorized to access the URL patterns and HTTP methods
        Returns:
        an array of roles as a String authorized to access the URL patterns and HTTP methods.

      • getDataConstraint

        public TransportGuarantee getDataConstraint()
        Gets the transport guarantee requirements for this SecurityConstraint
        Returns:
        the transport guarantee requirement for this SecurityConstraint
        See Also:
        TransportGuarantee

      • toString

        public String toString()
        Returns a formatted string of the state.
        Overrides:
        toString in class Object