You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/03/03 14:24:16 UTC
svn commit: r1785310 - in /tomcat/trunk:
java/org/apache/catalina/realm/RealmBase.java webapps/docs/changelog.xml
Author: markt
Date: Fri Mar 3 14:24:16 2017
New Revision: 1785310
URL: http://svn.apache.org/viewvc?rev=1785310&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60469
Refactor RealmBase for better code re-use when implementing Realms that use a custom Principal.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1785310&r1=1785309&r2=1785310&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Fri Mar 3 14:24:16 2017
@@ -913,30 +913,32 @@ public abstract class RealmBase extends
/**
* Return <code>true</code> if the specified Principal has the specified
* security role, within the context of this Realm; otherwise return
- * <code>false</code>. This method can be overridden by Realm
- * implementations, but the default is adequate when an instance of
- * <code>GenericPrincipal</code> is used to represent authenticated
- * Principals from this Realm.
+ * <code>false</code>. This method or {@link #hasRoleInternal(Principal,
+ * String)} can be overridden by Realm implementations, but the default is
+ * adequate when an instance of <code>GenericPrincipal</code> is used to
+ * represent authenticated Principals from this Realm.
*
+ * @param wrapper The servlet to which the current request is mapped
* @param principal Principal for whom the role is to be checked
- * @param role Security role to be checked
+ * @param role Security role to be checked
*/
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
// Check for a role alias defined in a <security-role-ref> element
if (wrapper != null) {
String realRole = wrapper.findSecurityReference(role);
- if (realRole != null)
+ if (realRole != null) {
role = realRole;
+ }
}
// Should be overridden in JAASRealm - to avoid pretty inefficient conversions
- if ((principal == null) || (role == null) ||
- !(principal instanceof GenericPrincipal))
+ if (principal == null || role == null) {
return false;
+ }
+
+ boolean result = hasRoleInternal(principal, role);
- GenericPrincipal gp = (GenericPrincipal) principal;
- boolean result = gp.hasRole(role);
if (log.isDebugEnabled()) {
String name = principal.getName();
if (result)
@@ -944,8 +946,30 @@ public abstract class RealmBase extends
else
log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
}
- return (result);
+ return result;
+ }
+
+
+ /**
+ * Return <code>true</code> if the specified Principal has the specified
+ * security role, within the context of this Realm; otherwise return
+ * <code>false</code>. This method or {@link #hasRoleInternal(Principal,
+ * String)} can be overridden by Realm implementations, but the default is
+ * adequate when an instance of <code>GenericPrincipal</code> is used to
+ * represent authenticated Principals from this Realm.
+ *
+ * @param principal Principal for whom the role is to be checked
+ * @param role Security role to be checked
+ */
+ protected boolean hasRoleInternal(Principal principal, String role) {
+ // Should be overridden in JAASRealm - to avoid pretty inefficient conversions
+ if (!(principal instanceof GenericPrincipal)) {
+ return false;
+ }
+
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ return gp.hasRole(role);
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1785310&r1=1785309&r2=1785310&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Mar 3 14:24:16 2017
@@ -48,6 +48,11 @@
<subsection name="Catalina">
<changelog>
<fix>
+ <bug>60469</bug>: Refactor <code>RealmBase</code> for better code re-use
+ when implementing Realms that use a custom <code>Principal</code>.
+ (markt)
+ </fix>
+ <fix>
<bug>60490</bug>: Various formatting and layout improvements for the
<code>ErrorReportValve</code>. Patch provided by Michael Osipov. (markt)
</fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org