< prev index next >

src/java.base/share/classes/java/net/URLPermission.java

Print this page




  55  * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and
  56  * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt">
  57  * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters.
  58  * The <i>dnsname</i> specification can be preceded by "*." which means
  59  * the name will match any hostname whose right-most domain labels are the same as
  60  * this name. For example, "*.oracle.com" matches "foo.bar.oracle.com"
  61  * <p>
  62  * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports
  63  * that this permission applies to. If portrange is absent or invalid, then a default
  64  * port number is assumed if the scheme is {@code http} (default 80) or {@code https}
  65  * (default 443). No default is assumed for other schemes. A wildcard may be specified
  66  * which means all ports.
  67  * <p>
  68  * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
  69  * creating a URLPermission, and has no effect on any other methods defined by this class.
  70  * <p>
  71  * The <i>path</i> component comprises a sequence of path segments,
  72  * separated by '/' characters. <i>path</i> may also be empty. The path is specified
  73  * in a similar way to the path in {@link java.io.FilePermission}. There are
  74  * three different ways as the following examples show:
  75  * <table border>
  76  * <caption>URL Examples</caption>

  77  * <tr><th>Example url</th><th>Description</th></tr>


  78  * <tr><td style="white-space:nowrap;">http://www.oracle.com/a/b/c.html</td>
  79  *   <td>A url which identifies a specific (single) resource</td>
  80  * </tr>
  81  * <tr><td>http://www.oracle.com/a/b/*</td>
  82  *   <td>The '*' character refers to all resources in the same "directory" - in
  83  *       other words all resources with the same number of path components, and
  84  *       which only differ in the final path component, represented by the '*'.
  85  *   </td>
  86  * </tr>
  87  * <tr><td>http://www.oracle.com/a/b/-</td>
  88  *   <td>The '-' character refers to all resources recursively below the
  89  *       preceding path (eg. http://www.oracle.com/a/b/c/d/e.html matches this
  90  *       example).
  91  *   </td>
  92  * </tr>

  93  * </table>
  94  * <p>
  95  * The '*' and '-' may only be specified in the final segment of a path and must be
  96  * the only character in that segment. Any query or fragment components of the
  97  * url are ignored when constructing URLPermissions.
  98  * <p>
  99  * As a special case, urls of the form, "scheme:*" are accepted to
 100  * mean any url of the given scheme.
 101  * <p>
 102  * The <i>scheme</i> and <i>authority</i> components of the url string are handled
 103  * without regard to case. This means {@link #equals(Object)},
 104  * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect
 105  * to these components. If the <i>authority</i> contains a literal IP address,
 106  * then the address is normalized for comparison. The path component is case sensitive.
 107  * <p><b>The actions string</b><p>
 108  * The actions string of a URLPermission is a concatenation of the <i>method list</i>
 109  * and the <i>request headers list</i>. These are lists of the permitted request
 110  * methods and permitted request headers of the permission (respectively). The two lists
 111  * are separated by a colon ':' character and elements of each list are comma separated.
 112  * Some examples are:


 229      * following sequence:
 230      * <ul>
 231      * <li>if 'p' is not an instance of URLPermission return false</li>
 232      * <li>if any of p's methods are not in this's method list, and if
 233      *     this's method list is not equal to "*", then return false.</li>
 234      * <li>if any of p's headers are not in this's request header list, and if
 235      *     this's request header list is not equal to "*", then return false.</li>
 236      * <li>if this's url scheme is not equal to p's url scheme return false</li>
 237      * <li>if the scheme specific part of this's url is '*' return true</li>
 238      * <li>if the set of hosts defined by p's url hostrange is not a subset of
 239      *     this's url hostrange then return false. For example, "*.foo.oracle.com"
 240      *     is a subset of "*.oracle.com". "foo.bar.oracle.com" is not
 241      *     a subset of "*.foo.oracle.com"</li>
 242      * <li>if the portrange defined by p's url is not a subset of the
 243      *     portrange defined by this's url then return false.
 244      * <li>if the path or paths specified by p's url are contained in the
 245      *     set of paths specified by this's url, then return true
 246      * <li>otherwise, return false</li>
 247      * </ul>
 248      * <p>Some examples of how paths are matched are shown below:
 249      * <table border>
 250      * <caption>Examples of Path Matching</caption>

 251      * <tr><th>this's path</th><th>p's path</th><th>match</th></tr>


 252      * <tr><td>/a/b</td><td>/a/b</td><td>yes</td></tr>
 253      * <tr><td>/a/b/*</td><td>/a/b/c</td><td>yes</td></tr>
 254      * <tr><td>/a/b/*</td><td>/a/b/c/d</td><td>no</td></tr>
 255      * <tr><td>/a/b/-</td><td>/a/b/c/d</td><td>yes</td></tr>
 256      * <tr><td>/a/b/-</td><td>/a/b/c/d/e</td><td>yes</td></tr>
 257      * <tr><td>/a/b/-</td><td>/a/b/c/*</td><td>yes</td></tr>
 258      * <tr><td>/a/b/*</td><td>/a/b/c/-</td><td>no</td></tr>

 259      * </table>
 260      */
 261     public boolean implies(Permission p) {
 262         if (! (p instanceof URLPermission)) {
 263             return false;
 264         }
 265 
 266         URLPermission that = (URLPermission)p;
 267 
 268         if (this.methods.isEmpty() && !that.methods.isEmpty()) {
 269             return false;
 270         }
 271 
 272         if (!this.methods.isEmpty() &&
 273             !this.methods.get(0).equals("*") &&
 274             Collections.indexOfSubList(this.methods,
 275                                        that.methods) == -1) {
 276             return false;
 277         }
 278 




  55  * separated by ".". <i>IPv4address</i> is a standard literal IPv4 address and
  56  * <i>IPv6address</i> is as defined in <a href="http://www.ietf.org/rfc/rfc2732.txt">
  57  * RFC 2732</a>. Literal IPv6 addresses must however, be enclosed in '[]' characters.
  58  * The <i>dnsname</i> specification can be preceded by "*." which means
  59  * the name will match any hostname whose right-most domain labels are the same as
  60  * this name. For example, "*.oracle.com" matches "foo.bar.oracle.com"
  61  * <p>
  62  * <i>portrange</i> is used to specify a port number, or a bounded or unbounded range of ports
  63  * that this permission applies to. If portrange is absent or invalid, then a default
  64  * port number is assumed if the scheme is {@code http} (default 80) or {@code https}
  65  * (default 443). No default is assumed for other schemes. A wildcard may be specified
  66  * which means all ports.
  67  * <p>
  68  * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
  69  * creating a URLPermission, and has no effect on any other methods defined by this class.
  70  * <p>
  71  * The <i>path</i> component comprises a sequence of path segments,
  72  * separated by '/' characters. <i>path</i> may also be empty. The path is specified
  73  * in a similar way to the path in {@link java.io.FilePermission}. There are
  74  * three different ways as the following examples show:
  75  * <table class="plain">
  76  * <caption>URL Examples</caption>
  77  * <thead>
  78  * <tr><th>Example url</th><th>Description</th></tr>
  79  * </thead>
  80  * <tbody>
  81  * <tr><td style="white-space:nowrap;">http://www.oracle.com/a/b/c.html</td>
  82  *   <td>A url which identifies a specific (single) resource</td>
  83  * </tr>
  84  * <tr><td>http://www.oracle.com/a/b/*</td>
  85  *   <td>The '*' character refers to all resources in the same "directory" - in
  86  *       other words all resources with the same number of path components, and
  87  *       which only differ in the final path component, represented by the '*'.
  88  *   </td>
  89  * </tr>
  90  * <tr><td>http://www.oracle.com/a/b/-</td>
  91  *   <td>The '-' character refers to all resources recursively below the
  92  *       preceding path (eg. http://www.oracle.com/a/b/c/d/e.html matches this
  93  *       example).
  94  *   </td>
  95  * </tr>
  96  * </tbody>
  97  * </table>
  98  * <p>
  99  * The '*' and '-' may only be specified in the final segment of a path and must be
 100  * the only character in that segment. Any query or fragment components of the
 101  * url are ignored when constructing URLPermissions.
 102  * <p>
 103  * As a special case, urls of the form, "scheme:*" are accepted to
 104  * mean any url of the given scheme.
 105  * <p>
 106  * The <i>scheme</i> and <i>authority</i> components of the url string are handled
 107  * without regard to case. This means {@link #equals(Object)},
 108  * {@link #hashCode()} and {@link #implies(Permission)} are case insensitive with respect
 109  * to these components. If the <i>authority</i> contains a literal IP address,
 110  * then the address is normalized for comparison. The path component is case sensitive.
 111  * <p><b>The actions string</b><p>
 112  * The actions string of a URLPermission is a concatenation of the <i>method list</i>
 113  * and the <i>request headers list</i>. These are lists of the permitted request
 114  * methods and permitted request headers of the permission (respectively). The two lists
 115  * are separated by a colon ':' character and elements of each list are comma separated.
 116  * Some examples are:


 233      * following sequence:
 234      * <ul>
 235      * <li>if 'p' is not an instance of URLPermission return false</li>
 236      * <li>if any of p's methods are not in this's method list, and if
 237      *     this's method list is not equal to "*", then return false.</li>
 238      * <li>if any of p's headers are not in this's request header list, and if
 239      *     this's request header list is not equal to "*", then return false.</li>
 240      * <li>if this's url scheme is not equal to p's url scheme return false</li>
 241      * <li>if the scheme specific part of this's url is '*' return true</li>
 242      * <li>if the set of hosts defined by p's url hostrange is not a subset of
 243      *     this's url hostrange then return false. For example, "*.foo.oracle.com"
 244      *     is a subset of "*.oracle.com". "foo.bar.oracle.com" is not
 245      *     a subset of "*.foo.oracle.com"</li>
 246      * <li>if the portrange defined by p's url is not a subset of the
 247      *     portrange defined by this's url then return false.
 248      * <li>if the path or paths specified by p's url are contained in the
 249      *     set of paths specified by this's url, then return true
 250      * <li>otherwise, return false</li>
 251      * </ul>
 252      * <p>Some examples of how paths are matched are shown below:
 253      * <table class="plain">
 254      * <caption>Examples of Path Matching</caption>
 255      * <thead>
 256      * <tr><th>this's path</th><th>p's path</th><th>match</th></tr>
 257      * </thead>
 258      * <tbody>
 259      * <tr><td>/a/b</td><td>/a/b</td><td>yes</td></tr>
 260      * <tr><td>/a/b/*</td><td>/a/b/c</td><td>yes</td></tr>
 261      * <tr><td>/a/b/*</td><td>/a/b/c/d</td><td>no</td></tr>
 262      * <tr><td>/a/b/-</td><td>/a/b/c/d</td><td>yes</td></tr>
 263      * <tr><td>/a/b/-</td><td>/a/b/c/d/e</td><td>yes</td></tr>
 264      * <tr><td>/a/b/-</td><td>/a/b/c/*</td><td>yes</td></tr>
 265      * <tr><td>/a/b/*</td><td>/a/b/c/-</td><td>no</td></tr>
 266      * </tbody>
 267      * </table>
 268      */
 269     public boolean implies(Permission p) {
 270         if (! (p instanceof URLPermission)) {
 271             return false;
 272         }
 273 
 274         URLPermission that = (URLPermission)p;
 275 
 276         if (this.methods.isEmpty() && !that.methods.isEmpty()) {
 277             return false;
 278         }
 279 
 280         if (!this.methods.isEmpty() &&
 281             !this.methods.get(0).equals("*") &&
 282             Collections.indexOfSubList(this.methods,
 283                                        that.methods) == -1) {
 284             return false;
 285         }
 286 


< prev index next >