代码优化

servlet-core/src/main/java/tech/smartboot/servlet/Container.java

@@ -414,6 +414,8 @@ private ServletContextRuntime getServletRuntime(String localPath, String context
 
         webAppInfo.getMimeMappings().forEach((key, value) -> servletRuntime.getServletContext().putMimeTypes(key, value));
 
+        webAppInfo.getSecurityConstraints().forEach(deploymentInfo::addSecurityConstraint);
+
         deploymentInfo.setContextUrl(contextFile.toURI().toURL());
 
         //如果 web.xml 描述符中的 metadata-complete 元素设置为 true，

servlet-core/src/main/java/tech/smartboot/servlet/DefaultServlet.java

@@ -233,7 +233,7 @@ private String matchForwardWelcome(HttpServletRequest request) throws MalformedU
                     return uri + file;
                 }
                 //是否匹配 Servlet url-pattern
-                if (deploymentInfo.getServletMappings().stream().anyMatch(mapping -> mapping.getMapping().equals("/" + file))) {
+                if (deploymentInfo.getServletMappings().stream().anyMatch(mapping -> mapping.getUrlPattern().equals("/" + file))) {
                     return file;
                 }
             }

servlet-core/src/main/java/tech/smartboot/servlet/ServletContextRuntime.java

@@ -186,7 +186,7 @@ private void newServletsInstance(DeploymentInfo deploymentInfo) throws Instantia
             servletInfo.setServlet(servlet);
         }
         //绑定 default Servlet
-        if (deploymentInfo.getServletMappings().stream().noneMatch(mapping -> mapping.getMapping().equals("/"))) {
+        if (deploymentInfo.getServletMappings().stream().noneMatch(mapping -> mapping.getUrlPattern().equals("/"))) {
             ServletInfo servletInfo = new ServletInfo();
             servletInfo.setServletName(ServletInfo.DEFAULT_SERVLET_NAME);
             servletInfo.setServlet(new DefaultServlet(deploymentInfo));

servlet-core/src/main/java/tech/smartboot/servlet/WebXmlParseEngine.java

@@ -26,6 +26,7 @@
 import tech.smartboot.servlet.conf.SecurityConstraint;
 import tech.smartboot.servlet.conf.ServletInfo;
 import tech.smartboot.servlet.conf.ServletMappingInfo;
+import tech.smartboot.servlet.conf.UrlPattern;
 import tech.smartboot.servlet.conf.WebAppInfo;
 import tech.smartboot.servlet.conf.WebFragmentInfo;
 import tech.smartboot.servlet.enums.FilterMappingType;
@@ -366,7 +367,7 @@ private void parseSecurityConstraint(WebAppInfo webAppInfo, Element parentElemen
             Node webResourceCollection = Objects.requireNonNull(getChildNode(node, "web-resource-collection"));
 //            Map<String, List<String>> data = getNodeValues(webResourceCollection, Arrays.asList("web-resource-name", "url-pattern", "http-method"));
             securityConstraint.getHttpMethods().addAll(getNodeValues(webResourceCollection, "http-method"));
-            securityConstraint.getUrlPatterns().addAll(getNodeValues(webResourceCollection, "url-pattern"));
+            getNodeValues(webResourceCollection, "url-pattern").forEach(urlPattern -> securityConstraint.getUrlPatterns().add(new UrlPattern(urlPattern)));
 //            securityConstraint.getResourceNames().addAll(getNodeValues(webResourceCollection, "web-resource-name"));
 
 
@@ -379,6 +380,7 @@ private void parseSecurityConstraint(WebAppInfo webAppInfo, Element parentElemen
             if (userDataConstraint != null) {
                 securityConstraint.getTransportGuarantees().addAll(getNodeValues(userDataConstraint, "transport-guarantee"));
             }
+            webAppInfo.getSecurityConstraints().add(securityConstraint);
         }
     }
 

servlet-core/src/main/java/tech/smartboot/servlet/conf/DeploymentInfo.java

@@ -64,6 +64,7 @@ public class DeploymentInfo {
     private List<String> welcomeFiles = Collections.emptyList();
     private final Set<String> securityRoles = new HashSet<>();
     private final Map<String, String> localeEncodingMappings = new HashMap<>();
+    private final List<SecurityConstraint> securityConstraints = new ArrayList<>();
     private final ClassLoader classLoader;
     private String displayName;
     private URL contextUrl;
@@ -123,6 +124,14 @@ public Map<String, ServletInfo> getServlets() {
         return servlets;
     }
 
+    public void addSecurityConstraint(SecurityConstraint securityConstraint) {
+        securityConstraints.add(securityConstraint);
+    }
+
+    public List<SecurityConstraint> getSecurityConstraints() {
+        return securityConstraints;
+    }
+
     public void addErrorPage(final ErrorPageInfo servlet) {
         if (servlet.getErrorCode() != null) {
             errorStatusPages.put(servlet.getErrorCode(), servlet);

servlet-core/src/main/java/tech/smartboot/servlet/conf/FilterMappingInfo.java

@@ -11,38 +11,27 @@
 package tech.smartboot.servlet.conf;
 
 import jakarta.servlet.DispatcherType;
-import jakarta.servlet.http.MappingMatch;
 import tech.smartboot.servlet.enums.FilterMappingType;
-import tech.smartboot.servlet.util.PathMatcherUtil;
 
 import java.util.Set;
 
 /**
  * @author 三刀
  * @version V1.0 , 2020/11/14
  */
-public class FilterMappingInfo {
+public class FilterMappingInfo extends UrlPattern {
 
     private final String filterName;
     private final FilterMappingType mappingType;
     private final Set<DispatcherType> dispatcher;
-    private final MappingMatch mappingMatch;
-    private final String urlPattern;
     private final String servletNameMapping;
 
     public FilterMappingInfo(final String filterName, final FilterMappingType mappingType, final String servletNameMapping, String urlPattern, final Set<DispatcherType> dispatcher) {
+        super(urlPattern);
         this.filterName = filterName;
         this.mappingType = mappingType;
         this.servletNameMapping = servletNameMapping;
         this.dispatcher = dispatcher;
-        if (mappingType == FilterMappingType.URL) {
-            this.urlPattern = PathMatcherUtil.getUrlPattern(urlPattern);
-            this.mappingMatch = PathMatcherUtil.getMappingType(this.urlPattern);
-        } else {
-            this.urlPattern = null;
-            this.mappingMatch = null;
-        }
-
     }
 
     public FilterMappingType getMappingType() {
@@ -61,11 +50,4 @@ public String getFilterName() {
         return filterName;
     }
 
-    public String getUrlPattern() {
-        return urlPattern;
-    }
-
-    public MappingMatch getMappingMatch() {
-        return mappingMatch;
-    }
 }

servlet-core/src/main/java/tech/smartboot/servlet/conf/SecurityConstraint.java

@@ -15,13 +15,13 @@
 
 public class SecurityConstraint {
     //    private final List<String> resourceNames = new ArrayList<>();
-    private final List<String> urlPatterns = new ArrayList<>();
+    private final List<UrlPattern> urlPatterns = new ArrayList<>();
     private final List<String> httpMethods = new ArrayList<>();
 
     private final List<String> roleNames = new ArrayList<>();
     private final List<String> transportGuarantees = new ArrayList<>();
 
-    public List<String> getUrlPatterns() {
+    public List<UrlPattern> getUrlPatterns() {
         return urlPatterns;
     }
 

servlet-core/src/main/java/tech/smartboot/servlet/conf/ServletMappingInfo.java

@@ -10,33 +10,18 @@
 
 package tech.smartboot.servlet.conf;
 
-import jakarta.servlet.http.MappingMatch;
-import tech.smartboot.servlet.util.PathMatcherUtil;
-
 /**
  * @author 三刀
  * @version V1.0 , 2020/10/11
  */
-public class ServletMappingInfo {
+public class ServletMappingInfo extends UrlPattern {
     private final String servletName;
-    private final String mapping;
-    private final MappingMatch mappingType;
 
     public ServletMappingInfo(String servletName, String mapping) {
-        this.mapping = PathMatcherUtil.getUrlPattern(mapping);
+        super(mapping);
         this.servletName = servletName;
-        this.mappingType = PathMatcherUtil.getMappingType(this.mapping);
-    }
-
-    public String getMapping() {
-        return mapping;
     }
 
-    public MappingMatch getMappingType() {
-        return mappingType;
-    }
-
-
     public String getServletName() {
         return servletName;
     }

servlet-core/src/main/java/tech/smartboot/servlet/conf/UrlPattern.java

@@ -0,0 +1,38 @@
+/*
+ *  Copyright (C) [2022] smartboot [[email protected]]
+ *
+ *  企业用户未经smartboot组织特别许可，需遵循AGPL-3.0开源协议合理合法使用本项目。
+ *
+ *   Enterprise users are required to use this project reasonably
+ *   and legally in accordance with the AGPL-3.0 open source agreement
+ *  without special permission from the smartboot organization.
+ */
+
+package tech.smartboot.servlet.conf;
+
+import jakarta.servlet.http.MappingMatch;
+import tech.smartboot.servlet.util.PathMatcherUtil;
+
+public class UrlPattern {
+    private final String urlPattern;
+    private final MappingMatch mappingMatch;
+
+    public UrlPattern(String urlPattern) {
+        if (urlPattern == null) {
+            this.urlPattern = null;
+            this.mappingMatch = null;
+        } else {
+            this.urlPattern = PathMatcherUtil.getUrlPattern(urlPattern);
+            this.mappingMatch = PathMatcherUtil.getMappingType(this.urlPattern);
+        }
+
+    }
+
+    public String getUrlPattern() {
+        return urlPattern;
+    }
+
+    public MappingMatch getMappingMatch() {
+        return mappingMatch;
+    }
+}

servlet-core/src/main/java/tech/smartboot/servlet/handler/FilterMatchHandler.java

@@ -84,7 +84,7 @@ private List<FilterInfo> matchFilters(HandlerContext handlerContext) {
                 if (request.getDispatcherType() == DispatcherType.INCLUDE) {
                     requestURI = (String) request.getAttribute(RequestDispatcher.INCLUDE_REQUEST_URI);
                 }
-                if (PathMatcherUtil.matches(requestURI, contextPath.length(), mappingInfo) > -1) {
+                if (PathMatcherUtil.matches(requestURI, contextPath.length(), mappingInfo)) {
                     filters.add(handlerContext.getServletContext().getDeploymentInfo().getFilters().get(mappingInfo.getFilterName()));
                 }
             } else if (mappingInfo.getMappingType() == FilterMappingType.SERVLET) {

servlet-core/src/main/java/tech/smartboot/servlet/handler/SecurityHandler.java

@@ -11,13 +11,34 @@
 package tech.smartboot.servlet.handler;
 
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import tech.smartboot.servlet.conf.SecurityConstraint;
+import tech.smartboot.servlet.conf.UrlPattern;
+import tech.smartboot.servlet.util.PathMatcherUtil;
 
 import java.io.IOException;
 
 public class SecurityHandler extends Handler {
     @Override
     public void handleRequest(HandlerContext handlerContext) throws ServletException, IOException {
-
+        HttpServletRequest request = (HttpServletRequest) handlerContext.getRequest();
+        for (SecurityConstraint securityConstraint : handlerContext.getServletContext().getDeploymentInfo().getSecurityConstraints()) {
+            boolean match = false;
+            for (UrlPattern urlPattern : securityConstraint.getUrlPatterns()) {
+                if (PathMatcherUtil.matches((HttpServletRequest) handlerContext.getRequest(), urlPattern)) {
+                    match = true;
+                    break;
+                }
+            }
+            if (!match) {
+                continue;
+            }
+            if (!securityConstraint.getHttpMethods().isEmpty() && !securityConstraint.getHttpMethods().contains(request.getMethod())) {
+                ((HttpServletResponse) handlerContext.getResponse()).sendError(403);
+                return;
+            }
+        }
         doNext(handlerContext);
     }
 }

servlet-core/src/main/java/tech/smartboot/servlet/impl/ApplicationServletRegistration.java

@@ -68,7 +68,7 @@ public void setAsyncSupported(boolean isAsyncSupported) {
     public Set<String> addMapping(String... urlPatterns) {
         //If any of the specified URL patterns are already mapped to a different Servlet, no updates will be performed.
         Set<String> mappingSet = new HashSet<>(Arrays.asList(urlPatterns));
-        Set<String> existingMapping = deploymentInfo.getServletMappings().stream().map(ServletMappingInfo::getMapping).filter(mappingSet::contains).collect(Collectors.toSet());
+        Set<String> existingMapping = deploymentInfo.getServletMappings().stream().map(ServletMappingInfo::getUrlPattern).filter(mappingSet::contains).collect(Collectors.toSet());
         if (!existingMapping.isEmpty()) {
             //the (possibly empty) Set of URL patterns that are already mapped to a different Servlet
             return existingMapping;
@@ -81,7 +81,7 @@ public Set<String> addMapping(String... urlPatterns) {
 
     @Override
     public Collection<String> getMappings() {
-        return deploymentInfo.getServletMappings().stream().filter(mapping -> mapping.getServletName().equals(servletInfo.getServletName())).map(ServletMappingInfo::getMapping).collect(Collectors.toList());
+        return deploymentInfo.getServletMappings().stream().filter(mapping -> mapping.getServletName().equals(servletInfo.getServletName())).map(ServletMappingInfo::getUrlPattern).collect(Collectors.toList());
     }
 
     @Override

servlet-core/src/main/java/tech/smartboot/servlet/impl/HttpServletMappingImpl.java

@@ -32,7 +32,7 @@ public String getMatchValue() {
 
     @Override
     public String getPattern() {
-        return servletMappingInfo.getMapping();
+        return servletMappingInfo.getUrlPattern();
     }
 
     @Override

servlet-core/src/main/java/tech/smartboot/servlet/impl/HttpServletRequestImpl.java

@@ -315,17 +315,17 @@ private void initPath() {
             return;
         }
         pathInit = true;
-        switch (servletMappingInfo.getMappingType()) {
+        switch (servletMappingInfo.getMappingMatch()) {
             case EXACT -> {
-                servletPath = servletMappingInfo.getMapping();
+                servletPath = servletMappingInfo.getUrlPattern();
                 pathInfo = null;
             }
             case EXTENSION -> {
                 servletPath = getRequestURI().substring(getContextPath().length());
                 pathInfo = null;
             }
             case PATH -> {
-                servletPath = servletMappingInfo.getMapping().substring(0, servletMappingInfo.getMapping().length() - 2);
+                servletPath = servletMappingInfo.getUrlPattern().substring(0, servletMappingInfo.getUrlPattern().length() - 2);
                 if (getContextPath().length() + servletPath.length() < getRequestURI().length()) {
                     pathInfo = getRequestURI().substring(getContextPath().length() + servletPath.length());
                 }
@@ -387,34 +387,34 @@ public HttpServletMapping getHttpServletMapping() {
             return null;
         }
         String matchValue;
-        MappingMatch mappingMatch = servletMappingInfo.getMappingType();
-        switch (servletMappingInfo.getMappingType()) {
+        MappingMatch mappingMatch = servletMappingInfo.getMappingMatch();
+        switch (servletMappingInfo.getMappingMatch()) {
             case DEFAULT:
                 matchValue = "";
                 if (StringUtils.isBlank(servletContext.getContextPath())) {
                     mappingMatch = MappingMatch.CONTEXT_ROOT;
                 }
                 break;
             case EXACT:
-                matchValue = servletMappingInfo.getMapping();
+                matchValue = servletMappingInfo.getUrlPattern();
                 if (matchValue.startsWith("/")) {
                     matchValue = matchValue.substring(1);
                 }
                 break;
             case PATH:
                 String servletPath = getServletPath();
-                if (servletMappingInfo.getMapping().length() >= servletPath.length() + 2) {
+                if (servletMappingInfo.getUrlPattern().length() >= servletPath.length() + 2) {
                     matchValue = "";
                 } else {
-                    matchValue = getServletPath().substring(servletMappingInfo.getMapping().length() - 1);
+                    matchValue = getServletPath().substring(servletMappingInfo.getUrlPattern().length() - 1);
                 }
 
                 if (matchValue.startsWith("/")) {
                     matchValue = matchValue.substring(1);
                 }
                 break;
             case EXTENSION:
-                matchValue = getServletPath().substring(getServletPath().charAt(0) == '/' ? 1 : 0, getServletPath().length() - servletMappingInfo.getMapping().length() + 1);
+                matchValue = getServletPath().substring(getServletPath().charAt(0) == '/' ? 1 : 0, getServletPath().length() - servletMappingInfo.getUrlPattern().length() + 1);
                 break;
             default:
                 throw new IllegalStateException();

servlet-core/src/main/java/tech/smartboot/servlet/plugins/dispatcher/RequestDispatcherImpl.java

@@ -182,15 +182,15 @@ public void include(ServletRequest request, ServletResponse response) throws Ser
     }
 
     private String getServerPath(ServletMappingInfo servletMappingInfo, String requestUri) {
-        switch (servletMappingInfo.getMappingType()) {
+        switch (servletMappingInfo.getMappingMatch()) {
             case EXACT -> {
-                return servletMappingInfo.getMapping();
+                return servletMappingInfo.getUrlPattern();
             }
             case EXTENSION -> {
                 return requestUri.substring(servletContext.getContextPath().length());
             }
             case PATH -> {
-                return servletMappingInfo.getMapping().substring(0, servletMappingInfo.getMapping().length() - 2);
+                return servletMappingInfo.getUrlPattern().substring(0, servletMappingInfo.getUrlPattern().length() - 2);
             }
         }
         return null;