public interface WebXml
This configuration interface parses the /WEB-INF/web.xml
and all /META-INF/web-fragment
files
found in the classpath and offers methods to obtain information from them which is not available by the standard
Servlet API.
Some examples:
// Get the <welcome-file-list> (which are essentially path-relative filenames which needs to be served when a folder is requested). List<String> welcomeFiles = WebXml.instance().getWelcomeFiles();
// Get a mapping of all error page locations by exception type (a key of null represents the default error page location, if any). Map<Class<Throwable>, String> errorPageLocations = WebXml.instance().getErrorPageLocations();
// Get the <form-login-page> (which is a context-relative URL to the login page of FORM based authentication). String formLoginPage = WebXml.instance().getFormLoginPage();
// Get a mapping of all <security-constraint> URL patterns and associated roles. Map<String, Set<String>> securityConstraints = WebXml.instance().getSecurityConstraints();
// Check if access to certain (context-relative) URL is allowed for the given role based on <security-constraint>. boolean accessAllowed = WebXml.instance().isAccessAllowed("/admin.xhtml", "admin");
// Get web.xml configured session timeout (in seconds). int sessionTimeout = WebXml.instance().getSessionTimeout();
Since OmniFaces 3.1, you can if necessary even inject it.
@Inject private WebXml webXml;
WebXmlSingleton
,
WebXmlProducer
Modifier and Type | Field and Description |
---|---|
static WebXml |
INSTANCE
Deprecated.
Since 3.1; Use
instance() instead. |
Modifier and Type | Method and Description |
---|---|
String |
findErrorPageLocation(Throwable exception)
Find for the given exception the right error page location.
|
Map<Class<Throwable>,String> |
getErrorPageLocations()
Returns a mapping of all error page locations by exception type.
|
String |
getFormErrorPage()
Returns the location of the FORM authentication error page, or
null if it is not defined. |
String |
getFormLoginPage()
Returns the location of the FORM authentication login page, or
null if it is not defined. |
Map<String,Set<String>> |
getSecurityConstraints()
Returns a mapping of all security constraint URL patterns and the associated roles in the declared order.
|
int |
getSessionTimeout()
Returns the configured session timeout in minutes, or
-1 if it is not defined. |
List<String> |
getWelcomeFiles()
Returns a list of all welcome files.
|
default WebXml |
init(ServletContext servletContext)
Deprecated.
Since 3.1; Use
instance() instead. It will fall back to CDI to obtain the servlet context. |
static WebXml |
instance()
Returns the lazily loaded enum singleton instance.
|
boolean |
isAccessAllowed(String url,
String role)
Returns
true if access to the given URL is allowed for the given role. |
@Deprecated static final WebXml INSTANCE
instance()
instead.static WebXml instance()
@Deprecated default WebXml init(ServletContext servletContext)
instance()
instead. It will fall back to CDI to obtain the servlet context.servletContext
- The servlet context to obtain the web.xml from.WebXml
instance, initialized and all.String findErrorPageLocation(Throwable exception)
exception
- The exception to find the error page location for.boolean isAccessAllowed(String url, String role)
true
if access to the given URL is allowed for the given role. URL patterns are matched as
per Servlet 3.0 specification 12.1:
true
.
url
- URL to be checked for access by the given role. It must start with '/' and be context-relative.role
- Role to be checked for access to the given URL.true
if access to the given URL is allowed for the given role, otherwise false
.NullPointerException
- If given URL is null.IllegalArgumentException
- If given URL does not start with '/'.List<String> getWelcomeFiles()
Map<Class<Throwable>,String> getErrorPageLocations()
null
key.String getFormLoginPage()
null
if it is not defined.null
if it is not defined.String getFormErrorPage()
null
if it is not defined.null
if it is not defined.Map<String,Set<String>> getSecurityConstraints()
null
, then it means that no auth constraint is been set (i.e. the resource is publicly
accessible). If the roles is empty, then it means that an empty auth constraint is been set (i.e. the resource
is in no way accessible).int getSessionTimeout()
-1
if it is not defined.-1
if it is not defined.Copyright © 2012–2020 OmniFaces. All rights reserved.