org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever.java Source code

Java tutorial

Introduction

Here is the source code for org.springframework.security.web.authentication.preauth.j2ee.WebXmlMappableAttributesRetriever.java

Source

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.web.authentication.preauth.j2ee;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.core.authority.mapping.MappableAttributesRetriever;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/**
 * This <tt>MappableAttributesRetriever</tt> implementation reads the list of defined J2EE
 * roles from a <tt>web.xml</tt> file and returns these from {
 * {@link #getMappableAttributes()}.
 *
 * @author Ruud Senden
 * @author Luke Taylor
 * @since 2.0
 */
public class WebXmlMappableAttributesRetriever
        implements ResourceLoaderAware, MappableAttributesRetriever, InitializingBean {
    protected final Log logger = LogFactory.getLog(getClass());

    private ResourceLoader resourceLoader;
    private Set<String> mappableAttributes;

    public void setResourceLoader(ResourceLoader resourceLoader) {
        this.resourceLoader = resourceLoader;
    }

    public Set<String> getMappableAttributes() {
        return mappableAttributes;
    }

    /**
     * Loads the web.xml file using the configured <tt>ResourceLoader</tt> and parses the
     * role-name elements from it, using these as the set of <tt>mappableAttributes</tt>.
     */

    public void afterPropertiesSet() throws Exception {
        Resource webXml = resourceLoader.getResource("/WEB-INF/web.xml");
        Document doc = getDocument(webXml.getInputStream());
        NodeList webApp = doc.getElementsByTagName("web-app");
        if (webApp.getLength() != 1) {
            throw new IllegalArgumentException("Failed to find 'web-app' element in resource" + webXml);
        }
        NodeList securityRoles = ((Element) webApp.item(0)).getElementsByTagName("security-role");

        ArrayList<String> roleNames = new ArrayList<>();

        for (int i = 0; i < securityRoles.getLength(); i++) {
            Element secRoleElt = (Element) securityRoles.item(i);
            NodeList roles = secRoleElt.getElementsByTagName("role-name");

            if (roles.getLength() > 0) {
                String roleName = ((Element) roles.item(0)).getTextContent().trim();
                roleNames.add(roleName);
                logger.info("Retrieved role-name '" + roleName + "' from web.xml");
            } else {
                logger.info("No security-role elements found in " + webXml);
            }
        }

        mappableAttributes = Collections.unmodifiableSet(new HashSet<>(roleNames));
    }

    /**
     * @return Document for the specified InputStream
     */
    private Document getDocument(InputStream aStream) {
        Document doc;
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(false);
            DocumentBuilder db = factory.newDocumentBuilder();
            db.setEntityResolver(new MyEntityResolver());
            doc = db.parse(aStream);
            return doc;
        } catch (FactoryConfigurationError e) {
            throw new RuntimeException("Unable to parse document object", e);
        } catch (ParserConfigurationException e) {
            throw new RuntimeException("Unable to parse document object", e);
        } catch (SAXException e) {
            throw new RuntimeException("Unable to parse document object", e);
        } catch (IOException e) {
            throw new RuntimeException("Unable to parse document object", e);
        } finally {
            try {
                aStream.close();
            } catch (IOException e) {
                logger.warn("Failed to close input stream for web.xml", e);
            }
        }
    }

    /**
     * We do not need to resolve external entities, so just return an empty String.
     */
    private static final class MyEntityResolver implements EntityResolver {
        public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
            return new InputSource(new StringReader(""));
        }
    }
}