< prev index next >

src/java.base/share/classes/java/net/URLPermission.java

Print this page 







  40  * The range of method and header names is not restricted by this class.
  41  * <p><b>The url</b><p>
  42  * The url string has the following expected structure.
  43  * <pre>
  44  *     scheme : // authority [ / path ] [ ignored-query-or-fragment ]
  45  * </pre>
  46  * <i>scheme</i> will typically be http or https, but is not restricted by this
  47  * class.
  48  * <i>authority</i> is specified as:
  49  * <pre>
  50  *     authority = [ userinfo @ ] hostrange [ : portrange ]
  51  *     portrange = portnumber | -portnumber | portnumber-[portnumber] | *
  52  *     hostrange = ([*.] dnsname) | IPv4address | IPv6address
  53  * </pre>
  54  * <i>dnsname</i> is a standard DNS host or domain name, i.e. one or more labels
  55  * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and
  56  * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt">
  57  * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters.
  58  * The <i>dnsname</i> specification can be preceded by "*." which means
  59  * the name will match any hostname whose right-most domain labels are the same as
  60  * this name. For example, "*.oracle.com" matches "foo.bar.oracle.com"
  61  * <p>
  62  * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports
  63  * that this permission applies to. If portrange is absent or invalid, then a default
  64  * port number is assumed if the scheme is {@code http} (default 80) or {@code https}
  65  * (default 443). No default is assumed for other schemes. A wildcard may be specified
  66  * which means all ports.
  67  * <p>
  68  * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
  69  * creating a URLPermission, and has no effect on any other methods defined by this class.
  70  * <p>
  71  * The <i>path</i> component comprises a sequence of path segments,
  72  * separated by '/' characters. <i>path</i> may also be empty. The path is specified
  73  * in a similar way to the path in {@link java.io.FilePermission}. There are
  74  * three different ways as the following examples show:
  75  * <table class="striped">
  76  * <caption>URL Examples</caption>
  77  * <thead>
  78  * <tr><th scope="col">Example url</th><th scope="col">Description</th></tr>
  79  * </thead>
  80  * <tbody style="text-align:left">
  81  * <tr><th scope="row" style="white-space:nowrap;">http://www.oracle.com/a/b/c.html</th>
  82  *   <td>A url which identifies a specific (single) resource</td>
  83  * </tr>
  84  * <tr><th scope="row">http://www.oracle.com/a/b/*</th>
  85  *   <td>The '*' character refers to all resources in the same "directory" - in
  86  *       other words all resources with the same number of path components, and
  87  *       which only differ in the final path component, represented by the '*'.
  88  *   </td>
  89  * </tr>
  90  * <tr><th scope="row">http://www.oracle.com/a/b/-</th>
  91  *   <td>The '-' character refers to all resources recursively below the
  92  *       preceding path (e.g. http://www.oracle.com/a/b/c/d/e.html matches this
  93  *       example).
  94  *   </td>
  95  * </tr>
  96  * </tbody>
  97  * </table>
  98  * <p>
  99  * The '*' and '-' may only be specified in the final segment of a path and must be
 100  * the only character in that segment. Any query or fragment components of the
 101  * url are ignored when constructing URLPermissions.
 102  * <p>
 103  * As a special case, urls of the form, "scheme:*" are accepted to
 104  * mean any url of the given scheme.
 105  * <p>
 106  * The <i>scheme</i> and <i>authority</i> components of the url string are handled
 107  * without regard to case. This means {@link #equals(Object)},
 108  * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect
 109  * to these components. If the <i>authority</i> contains a literal IP address,
 110  * then the address is normalized for comparison. The path component is case sensitive.
 111  * <p>
 112  * <i>ignored-query-or-fragment</i> refers to any query or fragment which appears after the


 250      * There is no white space in the returned String. If header-names is empty
 251      * then the colon separator may not be present.
 252      */
 253     public String getActions() {
 254         return actions;
 255     }
 256 
 257     /**
 258      * Checks if this URLPermission implies the given permission.
 259      * Specifically, the following checks are done as if in the
 260      * following sequence:
 261      * <ul>
 262      * <li>if 'p' is not an instance of URLPermission return false</li>
 263      * <li>if any of p's methods are not in this's method list, and if
 264      *     this's method list is not equal to "*", then return false.</li>
 265      * <li>if any of p's headers are not in this's request header list, and if
 266      *     this's request header list is not equal to "*", then return false.</li>
 267      * <li>if this's url scheme is not equal to p's url scheme return false</li>
 268      * <li>if the scheme specific part of this's url is '*' return true</li>
 269      * <li>if the set of hosts defined by p's url hostrange is not a subset of
 270      *     this's url hostrange then return false. For example, "*.foo.oracle.com"
 271      *     is a subset of "*.oracle.com". "foo.bar.oracle.com" is not
 272      *     a subset of "*.foo.oracle.com"</li>
 273      * <li>if the portrange defined by p's url is not a subset of the
 274      *     portrange defined by this's url then return false.
 275      * <li>if the path or paths specified by p's url are contained in the
 276      *     set of paths specified by this's url, then return true
 277      * <li>otherwise, return false</li>
 278      * </ul>
 279      * <p>Some examples of how paths are matched are shown below:
 280      * <table class="plain">
 281      * <caption>Examples of Path Matching</caption>
 282      * <thead>
 283      * <tr><th scope="col">this's path</th><th scope="col">p's path</th><th>match</th></tr>
 284      * </thead>
 285      * <tbody style="text-align:left">
 286      * <tr><th scope="row">/a/b</th><th scope="row">/a/b</th><td>yes</td></tr>
 287      * <tr><th scope="row" rowspan="3">/a/b/*</th><th scope="row">/a/b/c</th><td>yes</td></tr>
 288      * <tr>  <th scope="row">/a/b/c/d</th><td>no</td></tr>
 289      * <tr>  <th scope="row">/a/b/c/-</th><td>no</td></tr>
 290      * <tr><th scope="row" rowspan="3">/a/b/-</th><th scope="row">/a/b/c/d</th><td>yes</td></tr>
 291      * <tr>  <th scope="row">/a/b/c/d/e</th><td>yes</td></tr>
 292      * <tr>  <th scope="row">/a/b/c/*</th><td>yes</td></tr>






  40  * The range of method and header names is not restricted by this class.
  41  * <p><b>The url</b><p>
  42  * The url string has the following expected structure.
  43  * <pre>
  44  *     scheme : // authority [ / path ] [ ignored-query-or-fragment ]
  45  * </pre>
  46  * <i>scheme</i> will typically be http or https, but is not restricted by this
  47  * class.
  48  * <i>authority</i> is specified as:
  49  * <pre>
  50  *     authority = [ userinfo @ ] hostrange [ : portrange ]
  51  *     portrange = portnumber | -portnumber | portnumber-[portnumber] | *
  52  *     hostrange = ([*.] dnsname) | IPv4address | IPv6address
  53  * </pre>
  54  * <i>dnsname</i> is a standard DNS host or domain name, i.e. one or more labels
  55  * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and
  56  * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt">
  57  * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters.
  58  * The <i>dnsname</i> specification can be preceded by "*." which means
  59  * the name will match any hostname whose right-most domain labels are the same as
  60  * this name. For example, "*.example.com" matches "foo.bar.example.com"
  61  * <p>
  62  * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports
  63  * that this permission applies to. If portrange is absent or invalid, then a default
  64  * port number is assumed if the scheme is {@code http} (default 80) or {@code https}
  65  * (default 443). No default is assumed for other schemes. A wildcard may be specified
  66  * which means all ports.
  67  * <p>
  68  * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
  69  * creating a URLPermission, and has no effect on any other methods defined by this class.
  70  * <p>
  71  * The <i>path</i> component comprises a sequence of path segments,
  72  * separated by '/' characters. <i>path</i> may also be empty. The path is specified
  73  * in a similar way to the path in {@link java.io.FilePermission}. There are
  74  * three different ways as the following examples show:
  75  * <table class="striped">
  76  * <caption>URL Examples</caption>
  77  * <thead>
  78  * <tr><th scope="col">Example url</th><th scope="col">Description</th></tr>
  79  * </thead>
  80  * <tbody style="text-align:left">
  81  * <tr><th scope="row" style="white-space:nowrap;">http://www.example.com/a/b/c.html</th>
  82  *   <td>A url which identifies a specific (single) resource</td>
  83  * </tr>
  84  * <tr><th scope="row">http://www.example.com/a/b/*</th>
  85  *   <td>The '*' character refers to all resources in the same "directory" - in
  86  *       other words all resources with the same number of path components, and
  87  *       which only differ in the final path component, represented by the '*'.
  88  *   </td>
  89  * </tr>
  90  * <tr><th scope="row">http://www.example.com/a/b/-</th>
  91  *   <td>The '-' character refers to all resources recursively below the
  92  *       preceding path (e.g. http://www.example.com/a/b/c/d/e.html matches this
  93  *       example).
  94  *   </td>
  95  * </tr>
  96  * </tbody>
  97  * </table>
  98  * <p>
  99  * The '*' and '-' may only be specified in the final segment of a path and must be
 100  * the only character in that segment. Any query or fragment components of the
 101  * url are ignored when constructing URLPermissions.
 102  * <p>
 103  * As a special case, urls of the form, "scheme:*" are accepted to
 104  * mean any url of the given scheme.
 105  * <p>
 106  * The <i>scheme</i> and <i>authority</i> components of the url string are handled
 107  * without regard to case. This means {@link #equals(Object)},
 108  * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect
 109  * to these components. If the <i>authority</i> contains a literal IP address,
 110  * then the address is normalized for comparison. The path component is case sensitive.
 111  * <p>
 112  * <i>ignored-query-or-fragment</i> refers to any query or fragment which appears after the


 250      * There is no white space in the returned String. If header-names is empty
 251      * then the colon separator may not be present.
 252      */
 253     public String getActions() {
 254         return actions;
 255     }
 256 
 257     /**
 258      * Checks if this URLPermission implies the given permission.
 259      * Specifically, the following checks are done as if in the
 260      * following sequence:
 261      * <ul>
 262      * <li>if 'p' is not an instance of URLPermission return false</li>
 263      * <li>if any of p's methods are not in this's method list, and if
 264      *     this's method list is not equal to "*", then return false.</li>
 265      * <li>if any of p's headers are not in this's request header list, and if
 266      *     this's request header list is not equal to "*", then return false.</li>
 267      * <li>if this's url scheme is not equal to p's url scheme return false</li>
 268      * <li>if the scheme specific part of this's url is '*' return true</li>
 269      * <li>if the set of hosts defined by p's url hostrange is not a subset of
 270      *     this's url hostrange then return false. For example, "*.foo.example.com"
 271      *     is a subset of "*.example.com". "foo.bar.example.com" is not
 272      *     a subset of "*.foo.example.com"</li>
 273      * <li>if the portrange defined by p's url is not a subset of the
 274      *     portrange defined by this's url then return false.
 275      * <li>if the path or paths specified by p's url are contained in the
 276      *     set of paths specified by this's url, then return true
 277      * <li>otherwise, return false</li>
 278      * </ul>
 279      * <p>Some examples of how paths are matched are shown below:
 280      * <table class="plain">
 281      * <caption>Examples of Path Matching</caption>
 282      * <thead>
 283      * <tr><th scope="col">this's path</th><th scope="col">p's path</th><th>match</th></tr>
 284      * </thead>
 285      * <tbody style="text-align:left">
 286      * <tr><th scope="row">/a/b</th><th scope="row">/a/b</th><td>yes</td></tr>
 287      * <tr><th scope="row" rowspan="3">/a/b/*</th><th scope="row">/a/b/c</th><td>yes</td></tr>
 288      * <tr>  <th scope="row">/a/b/c/d</th><td>no</td></tr>
 289      * <tr>  <th scope="row">/a/b/c/-</th><td>no</td></tr>
 290      * <tr><th scope="row" rowspan="3">/a/b/-</th><th scope="row">/a/b/c/d</th><td>yes</td></tr>
 291      * <tr>  <th scope="row">/a/b/c/d/e</th><td>yes</td></tr>
 292      * <tr>  <th scope="row">/a/b/c/*</th><td>yes</td></tr>







< prev index next >