Posted to dev@tomcat.apache.org by mi...@apache.org on 2019/08/06 19:47:22 UTC

[tomcat] branch BZ-63636/tomcat-8.5.x created (now 08e169e)

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


      at 08e169e  BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

This branch includes the following new commits:

     new 08e169e  BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[tomcat] 01/01: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 08e169e304ae9b010b69846b077344467b3b0457
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

    BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()
---
 java/org/apache/catalina/realm/RealmBase.java     |  9 +++++
 test/org/apache/catalina/realm/TestRealmBase.java | 43 +++++++++++++++++++++++
 webapps/docs/changelog.xml                        |  4 +++
 3 files changed, 56 insertions(+)

diff --git a/java/org/apache/catalina/realm/RealmBase.java b/java/org/apache/catalina/realm/RealmBase.java
index eaa49aa..af32209 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -930,6 +930,15 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
             }
         }
 
+        // Check for a role alias/mapping defined on context level
+        if (getContainer() instanceof Context) {
+            Context context = (Context) getContainer();
+            String realRole = context.findRoleMapping(role);
+            if (realRole != null) {
+                role = realRole;
+            }
+        }
+
         // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
         if (principal == null || role == null) {
             return false;
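Review bot: The new `context.findRoleMapping(role)` call runs before the `principal == null || role == null` guard just below it, so a null `role` reaches whatever `Context` implementation is installed; moving the block below the guard, or using `if (role != null && getContainer() instanceof Context)`, removes the dependency on every implementation tolerating null. The lookup also rewrites a `role` that the preceding block (outside the hunk, presumably the wrapper-level alias) may already have rewritten, so two mappings chain into one authorization decision. The intended precedence deserves a comment such as `// Context mapping is applied to the result of the wrapper-level alias, not to the name the caller passed`. Any realm subclass that overrides hasRole() without delegating here would skip the mapping, which is worth confirming because the existing comment already points at JAASRealm as one such override. The body of hasRole() starts and ends outside this hunk.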
diff --git a/test/org/apache/catalina/realm/TestRealmBase.java b/test/org/apache/catalina/realm/TestRealmBase.java
index 43b5d77..18be277 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -19,7 +19,9 @@ package org.apache.catalina.realm;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.servlet.ServletSecurityElement;
 import javax.servlet.annotation.ServletSecurity;
@@ -789,4 +791,45 @@ public class TestRealmBase {
         Assert.assertFalse(mapRealm.hasResourcePermission(
                 request, response, constraintsDelete, null));
     }
+
+    @Test
+    public void testRoleMapping() throws Exception {
+        Context context = new TesterContext() {
+            private Map<String, String> roleMapping = new HashMap<>();
+
+            public void addRoleMapping(String role, String link) {
+                roleMapping.put(role, link);
+            }
+
+            @Override
+            public String findRoleMapping(String role) {
+                return roleMapping.get(role);
+            }
+        };
+
+        context.addRoleMapping(ROLE2, "very-complex-role-name");
+        // We won't map ROLE3 to "another-very-complex-role-name" to make it fail
+        // intentionally
+
+        TesterMapRealm realm = new TesterMapRealm();
+        MessageDigestCredentialHandler ch = new MessageDigestCredentialHandler();
+        ch.setAlgorithm("SHA");
+        realm.setCredentialHandler(ch);
+        realm.setContainer(context);
+        realm.start();
+
+        realm.addUser(USER1, PWD_SHA);
+        realm.addUserRole(USER1, ROLE1);
+        realm.addUserRole(USER1, "very-complex-role-name");
+        realm.addUserRole(USER1, "another-very-complex-role-name");
+
+        Principal p = realm.authenticate(USER1, PWD);
+
+        Assert.assertNotNull(p);
+        Assert.assertEquals(USER1, p.getName());
+        Assert.assertTrue(realm.hasRole(null, p, ROLE1));
+        Assert.assertTrue(realm.hasRole(null, p, ROLE2));
+        Assert.assertTrue(realm.hasRole(null, p, "very-complex-role-name"));
+        Assert.assertFalse(realm.hasRole(null, p, ROLE3));
+    }
 }
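Review bot: testRoleMapping() never exercises a denial through an existing mapping: USER1 holds every target role, and the only `assertFalse` covers the unmapped ROLE3. Because the change alters an access decision, add a second user who lacks `very-complex-role-name` and assert `Assert.assertFalse(realm.hasRole(null, p2, ROLE2));` (p2 being that user's principal), so a mapping that grants too much would be caught. Every call also passes a null wrapper, so the interaction between the wrapper-level alias and the context mapping is untested. The anonymous `TesterContext` subclass declares `addRoleMapping` without `@Override`, unlike `findRoleMapping` next to it, although it is invoked through the `Context` type.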
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e8704dd..db3d7e5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,6 +47,10 @@
 <section name="Tomcat 8.5.44 (markt)" rtext="in development">
   <subsection name="Catalina">
     <changelog>
+      <fix>
+        <bug>63636</bug>: <code>Context.findRoleMapping()</code> never called
+        in <code>RealmBase#hasRole()</code>. (michaelo)
+      </fix>
       <update>
         <bug>63627</bug>: Implement more fine-grained handling in
         <code>RealmBase.authenticate(GSSContext, boolean)</code>. (michaelo)

