You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2007/01/20 20:29:22 UTC
svn commit: r498156 - in /geronimo/specs/trunk/geronimo-jacc_1.1_spec/src:
main/java/javax/security/jacc/URLPatternSpec.java
test/java/javax/security/jacc/WebResourcePermissionTest.java
Author: djencks
Date: Sat Jan 20 11:29:22 2007
New Revision: 498156
URL: http://svn.apache.org/viewvc?view=rev&rev=498156
Log:
GERONIMO-2763 allow extension patterns to be qualified by exact patterns. Make the URLPattern tests more systematic and verify all exceptional cases are covered
Modified:
geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/main/java/javax/security/jacc/URLPatternSpec.java
geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/test/java/javax/security/jacc/WebResourcePermissionTest.java
Modified: geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/main/java/javax/security/jacc/URLPatternSpec.java
URL: http://svn.apache.org/viewvc/geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/main/java/javax/security/jacc/URLPatternSpec.java?view=diff&rev=498156&r1=498155&r2=498156
==============================================================================
--- geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/main/java/javax/security/jacc/URLPatternSpec.java (original)
+++ geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/main/java/javax/security/jacc/URLPatternSpec.java Sat Jan 20 11:29:22 2007
@@ -27,6 +27,7 @@
import java.util.Iterator;
import java.util.LinkedList;
+
import javax.servlet.http.HttpServletRequest;
/**
@@ -65,8 +66,8 @@
if (candidate.type == URLPattern.EXACT && !first.matches(candidate)) {
throw new java.lang.IllegalArgumentException("Exact qualifier patterns in the URLPatternSpec must be matched by the first URLPattern");
} else if (candidate.type == URLPattern.PATH_PREFIX
- && !(first.matches(candidate) && first.pattern.length() < candidate.pattern.length()))
- {
+ && !(first.matches(candidate)
+ && first.pattern.length() < candidate.pattern.length())) {
throw new java.lang.IllegalArgumentException("path-prefix qualifier patterns in the URLPatternSpec must be matched by, but different from, the first URLPattern");
} else if (candidate.type == URLPattern.EXTENSION) {
throw new java.lang.IllegalArgumentException("extension qualifier patterns in the URLPatternSpec are not allowed when the first URLPattern is path-prefix");
@@ -77,8 +78,10 @@
// that are matched by the first pattern and path-prefix patterns may
// occur in the URLPatternList.
- if (candidate.type == URLPattern.EXACT && !first.matches(candidate)) {
- throw new java.lang.IllegalArgumentException("Exact qualifier patterns in the URLPatternSpec must be matched when first URLPattern is an extension pattern");
+ if (candidate.type == URLPattern.EXACT) {
+ if (!first.matches(candidate)) {
+ throw new java.lang.IllegalArgumentException("Exact qualifier patterns in the URLPatternSpec must be matched when first URLPattern is an extension pattern");
+ }
} else if (candidate.type != URLPattern.PATH_PREFIX) {
throw new java.lang.IllegalArgumentException("Only exact and path-prefix qualifiers in the URLPatternSpec are allowed when first URLPattern is an extension pattern");
}
@@ -88,6 +91,7 @@
// except the default pattern may occur in the URLPatternList.
if (candidate.type == URLPattern.DEFAULT) {
+ //This is actually tested for by the "qualifier must not match first" rule
throw new java.lang.IllegalArgumentException("Qualifier patterns must not be default when first URLPattern is a default pattern");
}
} else if (first.type == URLPattern.EXACT) {
@@ -95,7 +99,7 @@
// If the first pattern is an exact pattern a URLPatternList
// must not be present in the URLPatternSpec
- throw new java.lang.IllegalArgumentException("Qualifier patterns must be present when first URLPattern is an exact pattern");
+ throw new java.lang.IllegalArgumentException("Qualifier patterns must not be present when first URLPattern is an exact pattern");
}
qualifiers.add(candidate);
Modified: geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/test/java/javax/security/jacc/WebResourcePermissionTest.java
URL: http://svn.apache.org/viewvc/geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/test/java/javax/security/jacc/WebResourcePermissionTest.java?view=diff&rev=498156&r1=498155&r2=498156
==============================================================================
--- geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/test/java/javax/security/jacc/WebResourcePermissionTest.java (original)
+++ geronimo/specs/trunk/geronimo-jacc_1.1_spec/src/test/java/javax/security/jacc/WebResourcePermissionTest.java Sat Jan 20 11:29:22 2007
@@ -53,91 +53,155 @@
* Testing WebResourcePermission(java.lang.String, java.lang.String)
*/
public void testConstructorStringString() {
+ // null URLPatternSpec for a WebResourcePermission
+ try {
+ new WebResourcePermission(null, "GET,POST");
+ fail("null URLPatternSpec for a WebResourcePermission");
+ } catch (IllegalArgumentException iae) {
+ }
- WebResourcePermission permission = new WebResourcePermission("/foo", "GET,POST");
-
- assertTrue(permission.equals(permission));
- assertEquals(permission.getName(), "/foo");
- assertEquals(permission.getActions(), "GET,POST");
-
- permission = new WebResourcePermission("/foo", "GET,POST,POST,GET");
- assertEquals(permission.getActions(), "GET,POST");
-
- permission = new WebResourcePermission("/", "GET,POST");
- permission = new WebResourcePermission("/:/foo", "GET,POST");
- permission = new WebResourcePermission("/:*.asp", "GET,POST");
- permission = new WebResourcePermission("/:/foo:*.asp", "GET,POST");
- permission = new WebResourcePermission("/bar/*", "GET,POST");
- permission = new WebResourcePermission("", "GET,POST");
- permission = new WebResourcePermission("/*", "GET,POST");
- permission = new WebResourcePermission("/*:/bar/stool", "GET,POST");
- permission = new WebResourcePermission("/bar/*:/bar/stool", "GET,POST");
- permission = new WebResourcePermission("/foo", "GET,POST,BAR");
- // bad HTTP method
+ //Default pattern
+ checkPermission(new WebResourcePermission("/", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/:/foo", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/:*.asp", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/:/foo:*.asp", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/*", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/*:/bar/stool", "GET,POST"), "GET,POST");
+ //default pattern as qualifier
try {
- permission = new WebResourcePermission("/foo", "GET,POST,B A R");
- fail("Bad HTTP method");
+ new WebResourcePermission("/bar/*:/*", "GET,POST");
+ fail("/*:/");
} catch (IllegalArgumentException iae) {
}
-
- // bad HTTP method for a WebResourcePermission
try {
- permission = new WebResourcePermission("/foo", "GET,POST:INTEGRAL");
+ new WebResourcePermission("/bar/*:/*", "GET,POST");
+ fail("/*:/*");
} catch (IllegalArgumentException iae) {
}
-
- // null URLPatternSpec for a WebResourcePermission
try {
- permission = new WebResourcePermission(null, "GET,POST");
- fail("null URLPatternSpec for a WebResourcePermission");
+ new WebResourcePermission("/bar/*:/*", "GET,POST");
+ fail("/:/");
+ } catch (IllegalArgumentException iae) {
+ }
+ try {
+ new WebResourcePermission("/bar/*:/*", "GET,POST");
+ fail("/:/*");
} catch (IllegalArgumentException iae) {
}
+ //Exact pattern
+ checkPermission(new WebResourcePermission("/foo", "GET,POST"), "GET,POST");
// missing qualifiers
try {
- permission = new WebResourcePermission("/foo:", "GET,POST");
+ new WebResourcePermission("/foo:", "GET,POST");
fail("/foo:");
} catch (IllegalArgumentException iae) {
}
- // qualifer provided when first pattern isn't path-prefix
+ // qualifer provided when first pattern is exact
try {
- permission = new WebResourcePermission("/foo:/foo/bar", "GET,POST");
+ new WebResourcePermission("/foo:/foo/bar", "GET,POST");
fail("/foo:/foo/bar");
} catch (IllegalArgumentException iae) {
}
-
+ //default pattern as a qualifier
try {
- permission = new WebResourcePermission("/foo/*:*.asp", "GET,POST");
- fail("/foo/*:*.asp");
+ new WebResourcePermission("/foo:/", "GET,POST");
+ fail("/foo:/");
} catch (IllegalArgumentException iae) {
}
+
+ //Path prefix pattern
+ checkPermission(new WebResourcePermission("/bar/*", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("/bar/*:/bar/stool", "GET,POST"), "GET,POST");
try {
- permission = new WebResourcePermission("/foo:/", "GET,POST");
- fail("/foo:/");
+ new WebResourcePermission("/foo/*:*.asp", "GET,POST");
+ fail("/foo/*:*.asp");
} catch (IllegalArgumentException iae) {
}
-
+ //first pattern doesn't match qualifier
try {
- permission = new WebResourcePermission("/bar/*:/cat/stool/*", "GET,POST");
+ new WebResourcePermission("/bar/*:/cat/stool/*", "GET,POST");
fail("/bar/*:/cat/stool/*");
} catch (IllegalArgumentException iae) {
}
+ try {
+ new WebResourcePermission("/bar/stool/*:/bar", "GET,POST");
+ fail("/bar/stool/*:/bar");
+ } catch (IllegalArgumentException iae) {
+ }
+ try {
+ new WebResourcePermission("/bar/stool/*:/bar/*", "GET,POST");
+ fail("/bar/stool/*:/bar/stool/*");
+ } catch (IllegalArgumentException iae) {
+ }
+ //qualifier is same as first pattern
+ try {
+ new WebResourcePermission("/bar/stool/*:/bar/stool/*", "GET,POST");
+ fail("/bar/stool/*:/bar/stool/*");
+ } catch (IllegalArgumentException iae) {
+ }
+ //default pattern as qualifier
try {
- permission = new WebResourcePermission("/bar/*:/*", "GET,POST");
+ new WebResourcePermission("/bar/*:/*", "GET,POST");
fail("/bar/*:/");
} catch (IllegalArgumentException iae) {
}
+
+ //Extension pattern
+ checkPermission(new WebResourcePermission("*.do", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("*.do:/login.do", "GET,POST"), "GET,POST");
+ checkPermission(new WebResourcePermission("*.do:/foo/*", "GET,POST"), "GET,POST");
+
+ //default pattern as qualifier
try {
- permission = new WebResourcePermission("/bar/stool/*:/bar", "GET,POST");
- fail("/bar/stool/*:/bar");
+ new WebResourcePermission("*.do:/*", "GET,POST");
+ fail("*.do:/*");
} catch (IllegalArgumentException iae) {
}
+ //qualifier is extension pattern
+ try {
+ new WebResourcePermission("*.do:*.jsp", "GET,POST");
+ fail("*.do:/*");
+ } catch (IllegalArgumentException iae) {
+ }
+ //qualifier is exact and does not match first pattern
+ try {
+ new WebResourcePermission("*.do:/login", "GET,POST");
+ fail("*.do:/*");
+ } catch (IllegalArgumentException iae) {
+ }
+
+ //HTTP method
+ checkPermission(new WebResourcePermission("/foo", "GET,POST,POST,GET"), "GET,POST");
+ checkPermission(new WebResourcePermission("/foo", "GET,POST,BAR"), "GET,POST,BAR");
+ try {
+ new WebResourcePermission("/foo", "GET,POST,B A R");
+ fail("Bad HTTP method");
+ } catch (IllegalArgumentException iae) {
+ }
+
+ // bad HTTP method for a WebResourcePermission
+ try {
+ new WebResourcePermission("/foo", "GET,POST:INTEGRAL");
+ fail("integrity constraint in a WebResourcePermission accepted");
+ } catch (IllegalArgumentException iae) {
+ }
+
+
+
+
+ }
+
+ private void checkPermission(Permission permission, String actions) {
+ assertTrue(permission.equals(permission));
+ assertEquals(actions, permission.getActions());
}
public void testExcluded() {