Fixes #4438 - Add security constraints to SecurityManager API (#4439)

.gitignore

@@ -16,3 +16,4 @@ dist/server/tmp/
 dist/platform/tmp/
 .flattened-pom.xml
 bin/
+piranha.pid

core/api/src/main/java/cloud/piranha/core/api/SecurityConstraint.java

@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2002-2024 Manorrock.com. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *   3. Neither the name of the copyright holder nor the names of its
+ *      contributors may be used to endorse or promote products derived from
+ *      this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+package cloud.piranha.core.api;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * A security constraint.
+ * 
+ * @author Manfred Riem (mriem@manorrock.com)
+ */
+public class SecurityConstraint {
+
+    /**
+     * Stores the role names.
+     */
+    private List<String> roleNames;
+
+    /**
+     * Stores the security web resource collections.
+     */
+    private List<SecurityWebResourceCollection> securityWebResourceCollections;
+
+    /**
+     * Stores the transport guarantee.
+     */
+    private String transportGuarantee;
+
+    /**
+     * Constructor.
+     */
+    public SecurityConstraint() {
+        roleNames = new ArrayList<>();
+        securityWebResourceCollections = new ArrayList<>();
+        transportGuarantee = "NONE";
+    }
+
+    /**
+     * Get the role names.
+     * 
+     * @return the role names.
+     */
+    public List<String> getRoleNames() {
+        return roleNames;
+    }
+
+    /**
+     * Get the security web resource collection.
+     * 
+     * @return the security web resource collection.
+     */
+    public List<SecurityWebResourceCollection> getSecurityWebResourceCollections() {
+        return securityWebResourceCollections;
+    }
+
+    /**
+     * Get the transport guarantee.
+     * 
+     * @return the transport guarantee.
+     */
+    public String getTransportGuarantee() {
+        return transportGuarantee;
+    }
+
+    /**
+     * Set the role names.
+     * 
+     * @param roleNames the role names.
+     */
+    public void setRoleNames(List<String> roleNames) {
+        this.roleNames = roleNames;
+    }
+
+    /**
+     * Set the security web resource collections.
+     * 
+     * @param securityWebResourceCollections the security web resource collections.
+     */
+    public void setSecurityWebResourceCollections(
+            List<SecurityWebResourceCollection> securityWebResourceCollections) {
+        this.securityWebResourceCollections = securityWebResourceCollections;
+    }
+
+    /**
+     * Set the transport guarantee.
+     * 
+     * @param transportGuarantee the transport guarantee.
+     */
+    public void setTransportGuarantee(String transportGuarantee) {
+        this.transportGuarantee = transportGuarantee;
+    }
+}

core/api/src/main/java/cloud/piranha/core/api/SecurityManager.java

@@ -32,6 +32,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -201,6 +202,13 @@ default String getRealmName() {
      * @return the roles
      */
     Set<String> getRoles();
+
+    /**
+     * Get the security constraints.
+     * 
+     * @return the security constraints.
+     */
+    List<SecurityConstraint> getSecurityConstraints();
 
     /**
      * Get the handler that may be used by the login method to contact an
@@ -350,6 +358,13 @@ default void setFormLoginPage(String formLoginPage) {
      */
     default void setRealmName(String realmName) {
     }
+
+    /**
+     * Set the security constraints.
+     * 
+     * @param securityConstraints the security constraints.
+     */
+    void setSecurityConstraints(List<SecurityConstraint> securityConstraints);
 
     /**
      * Set the handler that may be used by the login method to contact an

core/api/src/main/java/cloud/piranha/core/api/SecurityWebResourceCollection.java

@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2002-2024 Manorrock.com. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *   3. Neither the name of the copyright holder nor the names of its
+ *      contributors may be used to endorse or promote products derived from
+ *      this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package cloud.piranha.core.api;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * A security web resource collection.
+ * 
+ * @author Manfred Riem (mriem@manorrock.com)
+ */
+public class SecurityWebResourceCollection {
+
+    /**
+     * Stores the HTTP methods.
+     */
+    private List<String> httpMethods;
+
+    /**
+     * Stores the HTTP method omissions.
+     */
+    private List<String> httpMethodOmissions;
+
+    /**
+     * Stores the URL patterns.
+     */
+    private List<String> urlPatterns;
+
+    /**
+     * Constructor.
+     */
+    public SecurityWebResourceCollection() {
+        this.httpMethods = new ArrayList<>();
+        this.httpMethodOmissions = new ArrayList<>();
+        this.urlPatterns = new ArrayList<>();
+    }
+
+    /**
+     * Get the HTTP methods.
+     * 
+     * @return the HTTP methods.
+     */
+    public List<String> getHttpMethods() {
+        return httpMethods;
+    }
+
+    /**
+     * Get the HTTP method omissions.
+     * 
+     * @return the HTTP method omissions.
+     */
+    public List<String> getHttpMethodOmissions() {
+        return httpMethodOmissions;
+    }
+
+    /**
+     * Get the URL patterns.
+     * 
+     * @return the URL patterns.
+     */
+    public List<String> getUrlPatterns() {
+        return urlPatterns;
+    }
+
+    /**
+     * Set the HTTP methods.
+     * 
+     * @param httpMethods the HTTP methods.
+     */
+    public void setHttpMethods(List<String> httpMethods) {
+        this.httpMethods = httpMethods;
+    }
+
+    /**
+     * Set the HTTP method omissions.
+     * 
+     * @param httpMethodOmissions the HTTP method omissions.
+     */
+    public void setHttpMethodOmissions(List<String> httpMethodOmissions) {
+        this.httpMethodOmissions = httpMethodOmissions;
+    }
+
+    /**
+     * Set the URL patterns.
+     * 
+     * @param urlPatterns the URL patterns.
+     */
+    public void setUrlPatterns(List<String> urlPatterns) {
+        this.urlPatterns = urlPatterns;
+    }
+}

core/impl/pom.xml

@@ -13,7 +13,41 @@
     <packaging>jar</packaging>
 
     <name>Piranha - Core - Implementation</name>
-
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>check</id>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <rule>
+                                    <element>BUNDLE</element>
+                                    <limits>
+                                        <limit>
+                                            <counter>INSTRUCTION</counter>
+                                            <value>COVEREDRATIO</value>
+                                            <minimum>0.72</minimum>
+                                        </limit>
+                                        <limit>
+                                            <counter>BRANCH</counter>
+                                            <value>COVEREDRATIO</value>
+                                            <minimum>0.59</minimum>
+                                        </limit>
+                                    </limits>
+                                </rule>
+                            </rules>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
     <dependencyManagement>
         <dependencies>
             <dependency>
@@ -50,19 +84,16 @@
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
             <scope>test</scope>
-            <version>5.10.3</version>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
             <scope>test</scope>
-            <version>5.10.3</version>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
             <scope>test</scope>
-            <version>5.10.3</version>
         </dependency>
     </dependencies>
     <distributionManagement>