40 * The range of method and header names is not restricted by this class. 41 * <p><b>The url</b><p> 42 * The url string has the following expected structure. 43 * <pre> 44 * scheme : // authority [ / path ] [ ignored-query-or-fragment ] 45 * </pre> 46 * <i>scheme</i> will typically be http or https, but is not restricted by this 47 * class. 48 * <i>authority</i> is specified as: 49 * <pre> 50 * authority = [ userinfo @ ] hostrange [ : portrange ] 51 * portrange = portnumber | -portnumber | portnumber-[portnumber] | * 52 * hostrange = ([*.] dnsname) | IPv4address | IPv6address 53 * </pre> 54 * <i>dnsname</i> is a standard DNS host or domain name, i.e. one or more labels 55 * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and 56 * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt"> 57 * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters. 58 * The <i>dnsname</i> specification can be preceded by "*." which means 59 * the name will match any hostname whose right-most domain labels are the same as 60 * this name. For example, "*.oracle.com" matches "foo.bar.oracle.com" 61 * <p> 62 * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports 63 * that this permission applies to. If portrange is absent or invalid, then a default 64 * port number is assumed if the scheme is {@code http} (default 80) or {@code https} 65 * (default 443). No default is assumed for other schemes. A wildcard may be specified 66 * which means all ports. 67 * <p> 68 * <i>userinfo</i> is optional. A userinfo component if present, is ignored when 69 * creating a URLPermission, and has no effect on any other methods defined by this class. 70 * <p> 71 * The <i>path</i> component comprises a sequence of path segments, 72 * separated by '/' characters. <i>path</i> may also be empty. The path is specified 73 * in a similar way to the path in {@link java.io.FilePermission}. There are 74 * three different ways as the following examples show: 75 * <table class="striped"> 76 * <caption>URL Examples</caption> 77 * <thead> 78 * <tr><th scope="col">Example url</th><th scope="col">Description</th></tr> 79 * </thead> 80 * <tbody style="text-align:left"> 81 * <tr><th scope="row" style="white-space:nowrap;">http://www.oracle.com/a/b/c.html</th> 82 * <td>A url which identifies a specific (single) resource</td> 83 * </tr> 84 * <tr><th scope="row">http://www.oracle.com/a/b/*</th> 85 * <td>The '*' character refers to all resources in the same "directory" - in 86 * other words all resources with the same number of path components, and 87 * which only differ in the final path component, represented by the '*'. 88 * </td> 89 * </tr> 90 * <tr><th scope="row">http://www.oracle.com/a/b/-</th> 91 * <td>The '-' character refers to all resources recursively below the 92 * preceding path (e.g. http://www.oracle.com/a/b/c/d/e.html matches this 93 * example). 94 * </td> 95 * </tr> 96 * </tbody> 97 * </table> 98 * <p> 99 * The '*' and '-' may only be specified in the final segment of a path and must be 100 * the only character in that segment. Any query or fragment components of the 101 * url are ignored when constructing URLPermissions. 102 * <p> 103 * As a special case, urls of the form, "scheme:*" are accepted to 104 * mean any url of the given scheme. 105 * <p> 106 * The <i>scheme</i> and <i>authority</i> components of the url string are handled 107 * without regard to case. This means {@link #equals(Object)}, 108 * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect 109 * to these components. If the <i>authority</i> contains a literal IP address, 110 * then the address is normalized for comparison. The path component is case sensitive. 111 * <p> 112 * <i>ignored-query-or-fragment</i> refers to any query or fragment which appears after the 250 * There is no white space in the returned String. If header-names is empty 251 * then the colon separator may not be present. 252 */ 253 public String getActions() { 254 return actions; 255 } 256 257 /** 258 * Checks if this URLPermission implies the given permission. 259 * Specifically, the following checks are done as if in the 260 * following sequence: 261 * <ul> 262 * <li>if 'p' is not an instance of URLPermission return false</li> 263 * <li>if any of p's methods are not in this's method list, and if 264 * this's method list is not equal to "*", then return false.</li> 265 * <li>if any of p's headers are not in this's request header list, and if 266 * this's request header list is not equal to "*", then return false.</li> 267 * <li>if this's url scheme is not equal to p's url scheme return false</li> 268 * <li>if the scheme specific part of this's url is '*' return true</li> 269 * <li>if the set of hosts defined by p's url hostrange is not a subset of 270 * this's url hostrange then return false. For example, "*.foo.oracle.com" 271 * is a subset of "*.oracle.com". "foo.bar.oracle.com" is not 272 * a subset of "*.foo.oracle.com"</li> 273 * <li>if the portrange defined by p's url is not a subset of the 274 * portrange defined by this's url then return false. 275 * <li>if the path or paths specified by p's url are contained in the 276 * set of paths specified by this's url, then return true 277 * <li>otherwise, return false</li> 278 * </ul> 279 * <p>Some examples of how paths are matched are shown below: 280 * <table class="plain"> 281 * <caption>Examples of Path Matching</caption> 282 * <thead> 283 * <tr><th scope="col">this's path</th><th scope="col">p's path</th><th>match</th></tr> 284 * </thead> 285 * <tbody style="text-align:left"> 286 * <tr><th scope="row">/a/b</th><th scope="row">/a/b</th><td>yes</td></tr> 287 * <tr><th scope="row" rowspan="3">/a/b/*</th><th scope="row">/a/b/c</th><td>yes</td></tr> 288 * <tr> <th scope="row">/a/b/c/d</th><td>no</td></tr> 289 * <tr> <th scope="row">/a/b/c/-</th><td>no</td></tr> 290 * <tr><th scope="row" rowspan="3">/a/b/-</th><th scope="row">/a/b/c/d</th><td>yes</td></tr> 291 * <tr> <th scope="row">/a/b/c/d/e</th><td>yes</td></tr> 292 * <tr> <th scope="row">/a/b/c/*</th><td>yes</td></tr> | 40 * The range of method and header names is not restricted by this class. 41 * <p><b>The url</b><p> 42 * The url string has the following expected structure. 43 * <pre> 44 * scheme : // authority [ / path ] [ ignored-query-or-fragment ] 45 * </pre> 46 * <i>scheme</i> will typically be http or https, but is not restricted by this 47 * class. 48 * <i>authority</i> is specified as: 49 * <pre> 50 * authority = [ userinfo @ ] hostrange [ : portrange ] 51 * portrange = portnumber | -portnumber | portnumber-[portnumber] | * 52 * hostrange = ([*.] dnsname) | IPv4address | IPv6address 53 * </pre> 54 * <i>dnsname</i> is a standard DNS host or domain name, i.e. one or more labels 55 * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and 56 * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt"> 57 * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters. 58 * The <i>dnsname</i> specification can be preceded by "*." which means 59 * the name will match any hostname whose right-most domain labels are the same as 60 * this name. For example, "*.example.com" matches "foo.bar.example.com" 61 * <p> 62 * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports 63 * that this permission applies to. If portrange is absent or invalid, then a default 64 * port number is assumed if the scheme is {@code http} (default 80) or {@code https} 65 * (default 443). No default is assumed for other schemes. A wildcard may be specified 66 * which means all ports. 67 * <p> 68 * <i>userinfo</i> is optional. A userinfo component if present, is ignored when 69 * creating a URLPermission, and has no effect on any other methods defined by this class. 70 * <p> 71 * The <i>path</i> component comprises a sequence of path segments, 72 * separated by '/' characters. <i>path</i> may also be empty. The path is specified 73 * in a similar way to the path in {@link java.io.FilePermission}. There are 74 * three different ways as the following examples show: 75 * <table class="striped"> 76 * <caption>URL Examples</caption> 77 * <thead> 78 * <tr><th scope="col">Example url</th><th scope="col">Description</th></tr> 79 * </thead> 80 * <tbody style="text-align:left"> 81 * <tr><th scope="row" style="white-space:nowrap;">http://www.example.com/a/b/c.html</th> 82 * <td>A url which identifies a specific (single) resource</td> 83 * </tr> 84 * <tr><th scope="row">http://www.example.com/a/b/*</th> 85 * <td>The '*' character refers to all resources in the same "directory" - in 86 * other words all resources with the same number of path components, and 87 * which only differ in the final path component, represented by the '*'. 88 * </td> 89 * </tr> 90 * <tr><th scope="row">http://www.example.com/a/b/-</th> 91 * <td>The '-' character refers to all resources recursively below the 92 * preceding path (e.g. http://www.example.com/a/b/c/d/e.html matches this 93 * example). 94 * </td> 95 * </tr> 96 * </tbody> 97 * </table> 98 * <p> 99 * The '*' and '-' may only be specified in the final segment of a path and must be 100 * the only character in that segment. Any query or fragment components of the 101 * url are ignored when constructing URLPermissions. 102 * <p> 103 * As a special case, urls of the form, "scheme:*" are accepted to 104 * mean any url of the given scheme. 105 * <p> 106 * The <i>scheme</i> and <i>authority</i> components of the url string are handled 107 * without regard to case. This means {@link #equals(Object)}, 108 * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect 109 * to these components. If the <i>authority</i> contains a literal IP address, 110 * then the address is normalized for comparison. The path component is case sensitive. 111 * <p> 112 * <i>ignored-query-or-fragment</i> refers to any query or fragment which appears after the 250 * There is no white space in the returned String. If header-names is empty 251 * then the colon separator may not be present. 252 */ 253 public String getActions() { 254 return actions; 255 } 256 257 /** 258 * Checks if this URLPermission implies the given permission. 259 * Specifically, the following checks are done as if in the 260 * following sequence: 261 * <ul> 262 * <li>if 'p' is not an instance of URLPermission return false</li> 263 * <li>if any of p's methods are not in this's method list, and if 264 * this's method list is not equal to "*", then return false.</li> 265 * <li>if any of p's headers are not in this's request header list, and if 266 * this's request header list is not equal to "*", then return false.</li> 267 * <li>if this's url scheme is not equal to p's url scheme return false</li> 268 * <li>if the scheme specific part of this's url is '*' return true</li> 269 * <li>if the set of hosts defined by p's url hostrange is not a subset of 270 * this's url hostrange then return false. For example, "*.foo.example.com" 271 * is a subset of "*.example.com". "foo.bar.example.com" is not 272 * a subset of "*.foo.example.com"</li> 273 * <li>if the portrange defined by p's url is not a subset of the 274 * portrange defined by this's url then return false. 275 * <li>if the path or paths specified by p's url are contained in the 276 * set of paths specified by this's url, then return true 277 * <li>otherwise, return false</li> 278 * </ul> 279 * <p>Some examples of how paths are matched are shown below: 280 * <table class="plain"> 281 * <caption>Examples of Path Matching</caption> 282 * <thead> 283 * <tr><th scope="col">this's path</th><th scope="col">p's path</th><th>match</th></tr> 284 * </thead> 285 * <tbody style="text-align:left"> 286 * <tr><th scope="row">/a/b</th><th scope="row">/a/b</th><td>yes</td></tr> 287 * <tr><th scope="row" rowspan="3">/a/b/*</th><th scope="row">/a/b/c</th><td>yes</td></tr> 288 * <tr> <th scope="row">/a/b/c/d</th><td>no</td></tr> 289 * <tr> <th scope="row">/a/b/c/-</th><td>no</td></tr> 290 * <tr><th scope="row" rowspan="3">/a/b/-</th><th scope="row">/a/b/c/d</th><td>yes</td></tr> 291 * <tr> <th scope="row">/a/b/c/d/e</th><td>yes</td></tr> 292 * <tr> <th scope="row">/a/b/c/*</th><td>yes</td></tr> |