urlPatterns.addAll(webResources.getUrlPatterns());
}
}
for (final ServletInfo servlet : deployment.getDeploymentInfo().getServlets().values()) {
final ServletSecurityInfo securityInfo = servlet.getServletSecurityInfo();
if (securityInfo != null) {
final Set<String> mappings = new HashSet<String>(servlet.getMappings());
mappings.removeAll(urlPatterns);
// Translate this servlet's ServletSecurityInfo into SecurityConstraints. Only runs when the
// servlet still has mappings left after the patterns in urlPatterns were removed from them.
if (!mappings.isEmpty()) {
// HTTP methods that have their own entry; they are omitted from the servlet-level constraint below.
final Set<String> methods = new HashSet<String>();
for (HttpMethodSecurityInfo method : securityInfo.getHttpMethodSecurityInfo()) {
methods.add(method.getMethod());
if (method.getRolesAllowed().isEmpty() && method.getEmptyRoleSemantic() == EmptyRoleSemantic.PERMIT) {
// Implicit allow: no roles and PERMIT, so no constraint is registered for this method.
// Because the method is already in `methods`, the servlet-level constraint below skips it too.
// NOTE(review): getTransportGuaranteeType() is not consulted before skipping, so a transport
// guarantee set on this method entry is not applied in this block - confirm it is enforced elsewhere.
continue;
}
// Per-method constraint: the method's roles and transport guarantee, limited to the remaining
// mappings and to this one HTTP method.
// NOTE(review): unlike the servlet-level constraint below, setEmptyRoleSemantic(...) is not called
// here, so SecurityConstraint's own default applies - confirm that default fails closed for an
// entry with no roles and a non-PERMIT semantic.
SecurityConstraint newConstraint = new SecurityConstraint()
.addRolesAllowed(method.getRolesAllowed())
.setTransportGuaranteeType(method.getTransportGuaranteeType())
.addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings)
.addHttpMethod(method.getMethod()));
builder.addSecurityConstraint(newConstraint);
}
// Now add the servlet-level constraint, unless it has all default values (no roles, PERMIT) and
// per-method constraints were specified. It is added when roles are listed, when the empty-role
// semantic is not PERMIT, or when there are no per-method entries at all.
// NOTE(review): the transport guarantee is not part of this condition; with no roles, PERMIT and at
// least one per-method entry, securityInfo.getTransportGuaranteeType() is not applied here - confirm
// this is intended.
if (!securityInfo.getRolesAllowed().isEmpty()
|| securityInfo.getEmptyRoleSemantic() != EmptyRoleSemantic.PERMIT
|| methods.isEmpty()) {
// Covers the remaining mappings for every HTTP method except those collected in `methods`.
SecurityConstraint newConstraint = new SecurityConstraint()
.setEmptyRoleSemantic(securityInfo.getEmptyRoleSemantic())
.addRolesAllowed(securityInfo.getRolesAllowed())
.setTransportGuaranteeType(securityInfo.getTransportGuaranteeType())
.addWebResourceCollection(new WebResourceCollection().addUrlPatterns(mappings)
.addHttpMethodOmissions(methods));
builder.addSecurityConstraint(newConstraint);
}
}