Interface WebXml


  • public interface WebXml

    This configuration interface parses the /WEB-INF/web.xml and all /META-INF/web-fragment files found in the classpath and offers methods to obtain information from them which is not available by the standard Servlet API.

    Usage

    Some examples:

     // Get the <welcome-file-list> (which are essentially path-relative filenames which needs to be served when a folder is requested).
     List<String> welcomeFiles = WebXml.instance().getWelcomeFiles();
     
     // Get a mapping of all error page locations by exception type (a key of null represents the default error page location, if any).
     Map<Class<Throwable>, String> errorPageLocations = WebXml.instance().getErrorPageLocations();
     
     // Get the <form-login-page> (which is a context-relative URL to the login page of FORM based authentication).
     String formLoginPage = WebXml.instance().getFormLoginPage();
     
     // Get a mapping of all <security-constraint> URL patterns and associated roles.
     Map<String, Set<String>> securityConstraints = WebXml.instance().getSecurityConstraints();
     
     // Check if access to certain (context-relative) URL is allowed for the given role based on <security-constraint>.
     boolean accessAllowed = WebXml.instance().isAccessAllowed("/admin.xhtml", "admin");
     
     // Get web.xml configured session timeout (in minutes).
     int sessionTimeout = WebXml.instance().getSessionTimeout();
     

    Since OmniFaces 3.1, you can if necessary even inject it.

     @Inject
     private WebXml webXml;
     
    Since:
    1.2
    Author:
    Bauke Scholtz
    See Also:
    WebXmlSingleton, WebXmlProducer
    • Method Detail

      • instance

        static WebXml instance()
        Returns the lazily loaded enum singleton instance.
        Returns:
        The lazily loaded enum singleton instance.
        Since:
        3.1
      • findErrorPageLocation

        String findErrorPageLocation​(Throwable exception)
        Find for the given exception the right error page location. Exception types are matched as per Servlet 3.0 specification 10.9.2 with the exception that the given exception is already unwrapped:
        • Make a pass through all specific exception types. If a match is found in the exception class hierarchy, use its location. The closest match in the class hierarchy wins.
        • Else use the default error page location, which can be either the java.lang.Throwable or HTTP 500 or default one.
        Parameters:
        exception - The exception to find the error page location for.
        Returns:
        The right error page location for the given exception.
      • isAccessAllowed

        boolean isAccessAllowed​(String url,
                                String role)
        Returns true if access to the given URL is allowed for the given role. URL patterns are matched as per Servlet 3.0 specification 12.1:
        • Make a first pass through all URL patterns. If an exact match is found, then check the role on it.
        • Else make a recursive pass through all prefix URL patterns, stepping down the URL one directory at a time, trying to find the longest path match. If it is found, then check the role on it.
        • Else if the last segment in the URL path contains an extension, then make a last pass through all suffix URL patterns. If a match is found, then check the role on it.
        • Else assume it as unprotected resource and return true.
        Parameters:
        url - URL to be checked for access by the given role. It must start with '/' and be context-relative.
        role - Role to be checked for access to the given URL.
        Returns:
        true if access to the given URL is allowed for the given role, otherwise false.
        Throws:
        NullPointerException - If given URL is null.
        IllegalArgumentException - If given URL does not start with '/'.
        Since:
        1.4
      • getWelcomeFiles

        List<String> getWelcomeFiles()
        Returns a list of all welcome files.
        Returns:
        A list of all welcome files.
        Since:
        1.4
      • getErrorPageLocations

        Map<Class<Throwable>,​String> getErrorPageLocations()
        Returns a mapping of all error page locations by exception type. The default location is identified by null key.
        Returns:
        A mapping of all error page locations by exception type.
      • getFormLoginPage

        String getFormLoginPage()
        Returns the location of the FORM authentication login page, or null if it is not defined.
        Returns:
        The location of the FORM authentication login page, or null if it is not defined.
      • getFormErrorPage

        String getFormErrorPage()
        Returns the location of the FORM authentication error page, or null if it is not defined.
        Returns:
        The location of the FORM authentication error page, or null if it is not defined.
        Since:
        1.8
      • getSecurityConstraints

        Map<String,​Set<String>> getSecurityConstraints()
        Returns a mapping of all security constraint URL patterns and the associated roles in the declared order. If the roles is null, then it means that no auth constraint is been set (i.e. the resource is publicly accessible). If the roles is empty, then it means that an empty auth constraint is been set (i.e. the resource is in no way accessible).
        Returns:
        A mapping of all security constraint URL patterns and the associated roles in the declared order.
        Since:
        1.4
      • getSessionTimeout

        int getSessionTimeout()
        Returns the configured session timeout in minutes, or -1 if it is not defined.
        Returns:
        The configured session timeout in minutes, or -1 if it is not defined.
        Since:
        1.7
      • isDistributable

        boolean isDistributable()
        Returns whether the distributable flag is set in root web.xml.
        Returns:
        Whether the distributable flag is set in root web.xml.
        Since:
        3.9