-
public interface WebXml
This configuration interface parses the
/WEB-INF/web.xml
and all/META-INF/web-fragment
files found in the classpath and offers methods to obtain information from them which is not available by the standard Servlet API.Usage
Some examples:
// Get the <welcome-file-list> (which are essentially path-relative filenames which needs to be served when a folder is requested). List<String> welcomeFiles = WebXml.instance().getWelcomeFiles();
// Get a mapping of all error page locations by exception type (a key of null represents the default error page location, if any). Map<Class<Throwable>, String> errorPageLocations = WebXml.instance().getErrorPageLocations();
// Get the <form-login-page> (which is a context-relative URL to the login page of FORM based authentication). String formLoginPage = WebXml.instance().getFormLoginPage();
// Get a mapping of all <security-constraint> URL patterns and associated roles. Map<String, Set<String>> securityConstraints = WebXml.instance().getSecurityConstraints();
// Check if access to certain (context-relative) URL is allowed for the given role based on <security-constraint>. boolean accessAllowed = WebXml.instance().isAccessAllowed("/admin.xhtml", "admin");
// Get web.xml configured session timeout (in minutes). int sessionTimeout = WebXml.instance().getSessionTimeout();
Since OmniFaces 3.1, you can if necessary even inject it.
@Inject private WebXml webXml;
- Since:
- 1.2
- Author:
- Bauke Scholtz
- See Also:
WebXmlSingleton
,WebXmlProducer
-
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Modifier and Type Method Description String
findErrorPageLocation(Throwable exception)
Find for the given exception the right error page location.Map<Class<Throwable>,String>
getErrorPageLocations()
Returns a mapping of all error page locations by exception type.String
getFormErrorPage()
Returns the location of the FORM authentication error page, ornull
if it is not defined.String
getFormLoginPage()
Returns the location of the FORM authentication login page, ornull
if it is not defined.Map<String,Set<String>>
getSecurityConstraints()
Returns a mapping of all security constraint URL patterns and the associated roles in the declared order.int
getSessionTimeout()
Returns the configured session timeout in minutes, or-1
if it is not defined.List<String>
getWelcomeFiles()
Returns a list of all welcome files.static WebXml
instance()
Returns the lazily loaded enum singleton instance.boolean
isAccessAllowed(String url, String role)
Returnstrue
if access to the given URL is allowed for the given role.boolean
isDistributable()
Returns whether the distributable flag is set in rootweb.xml
.
-
-
-
Method Detail
-
instance
static WebXml instance()
Returns the lazily loaded enum singleton instance.- Returns:
- The lazily loaded enum singleton instance.
- Since:
- 3.1
-
findErrorPageLocation
String findErrorPageLocation(Throwable exception)
Find for the given exception the right error page location. Exception types are matched as per Servlet 3.0 specification 10.9.2 with the exception that the given exception is already unwrapped:- Make a pass through all specific exception types. If a match is found in the exception class hierarchy, use its location. The closest match in the class hierarchy wins.
- Else use the default error page location, which can be either the java.lang.Throwable or HTTP 500 or default one.
- Parameters:
exception
- The exception to find the error page location for.- Returns:
- The right error page location for the given exception.
-
isAccessAllowed
boolean isAccessAllowed(String url, String role)
Returnstrue
if access to the given URL is allowed for the given role. URL patterns are matched as per Servlet 3.0 specification 12.1:- Make a first pass through all URL patterns. If an exact match is found, then check the role on it.
- Else make a recursive pass through all prefix URL patterns, stepping down the URL one directory at a time, trying to find the longest path match. If it is found, then check the role on it.
- Else if the last segment in the URL path contains an extension, then make a last pass through all suffix URL patterns. If a match is found, then check the role on it.
- Else assume it as unprotected resource and return
true
.
- Parameters:
url
- URL to be checked for access by the given role. It must start with '/' and be context-relative.role
- Role to be checked for access to the given URL.- Returns:
true
if access to the given URL is allowed for the given role, otherwisefalse
.- Throws:
NullPointerException
- If given URL is null.IllegalArgumentException
- If given URL does not start with '/'.- Since:
- 1.4
-
getWelcomeFiles
List<String> getWelcomeFiles()
Returns a list of all welcome files.- Returns:
- A list of all welcome files.
- Since:
- 1.4
-
getErrorPageLocations
Map<Class<Throwable>,String> getErrorPageLocations()
Returns a mapping of all error page locations by exception type. The default location is identified bynull
key.- Returns:
- A mapping of all error page locations by exception type.
-
getFormLoginPage
String getFormLoginPage()
Returns the location of the FORM authentication login page, ornull
if it is not defined.- Returns:
- The location of the FORM authentication login page, or
null
if it is not defined.
-
getFormErrorPage
String getFormErrorPage()
Returns the location of the FORM authentication error page, ornull
if it is not defined.- Returns:
- The location of the FORM authentication error page, or
null
if it is not defined. - Since:
- 1.8
-
getSecurityConstraints
Map<String,Set<String>> getSecurityConstraints()
Returns a mapping of all security constraint URL patterns and the associated roles in the declared order. If the roles isnull
, then it means that no auth constraint is been set (i.e. the resource is publicly accessible). If the roles is empty, then it means that an empty auth constraint is been set (i.e. the resource is in no way accessible).- Returns:
- A mapping of all security constraint URL patterns and the associated roles in the declared order.
- Since:
- 1.4
-
getSessionTimeout
int getSessionTimeout()
Returns the configured session timeout in minutes, or-1
if it is not defined.- Returns:
- The configured session timeout in minutes, or
-1
if it is not defined. - Since:
- 1.7
-
isDistributable
boolean isDistributable()
Returns whether the distributable flag is set in rootweb.xml
.- Returns:
- Whether the distributable flag is set in root
web.xml
. - Since:
- 3.9
-
-