ServletContextHandler.java 文件源码-java代码片段

/**
 * Delegate for ServletRegistration.Dynamic.setServletSecurity method
 * @param registration ServletRegistration.Dynamic instance that setServletSecurity was called on
 * @param servletSecurityElement new security info
 * @return the set of exact URL mappings currently associated with the registration that are also present in the web.xml
 * security constraints and thus will be unaffected by this call.
 */
public Set<String> setServletSecurity(ServletRegistration.Dynamic registration, ServletSecurityElement servletSecurityElement)
{
    //Default implementation is to just accept them all. If using a webapp, then this behaviour is overridden in WebAppContext.setServletSecurity       
    Collection<String> pathSpecs = registration.getMappings();
    if (pathSpecs != null)
    {
        for (String pathSpec:pathSpecs)
        {
            List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath(registration.getName(), pathSpec, servletSecurityElement);
            for (ConstraintMapping m:mappings)
                ((ConstraintAware)getSecurityHandler()).addConstraintMapping(m);
        }
    }
    return Collections.emptySet();
}