Posted to dev@tomcat.apache.org by fs...@apache.org on 2020/06/02 10:08:26 UTC

[tomcat] branch 8.5.x updated: Re-use roles and groups defined on users on MemoryUserDatabase creation

This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 61e533f  Re-use roles and groups defined on users on MemoryUserDatabase creation
61e533f is described below

commit 61e533f322f33de6cb4c78e9116baff22b880021
Author: Felix Schumacher <fs...@apache.org>
AuthorDate: Thu May 14 20:19:18 2020 +0200

    Re-use roles and groups defined on users on MemoryUserDatabase creation
    
    When the XML file for MemoryUserDatabase is digested, the order of the
    elements was important. It had to be roles, groups and then users.
    With this patch the order of the elements is not important anymore.
    If a user element defined a role or group before the corresponding
    role or group element, we now will re-use that element and add a
    possibly missing description.
    
    Bugzilla Id: 64442
---
 conf/tomcat-users.xsd                                 | 12 ++++++------
 .../org/apache/catalina/users/MemoryUserDatabase.java | 19 ++++++++++++++++---
 webapps/docs/changelog.xml                            |  4 ++++
 3 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/conf/tomcat-users.xsd b/conf/tomcat-users.xsd
index 948bd01..6a3446c 100644
--- a/conf/tomcat-users.xsd
+++ b/conf/tomcat-users.xsd
@@ -24,21 +24,21 @@
            version="1.0">
   <xs:element name="tomcat-users">
     <xs:complexType>
-      <xs:sequence>
-        <xs:element name="role" minOccurs="0" maxOccurs="unbounded">
+      <xs:choice minOccurs="0" maxOccurs="unbounded">
+        <xs:element name="role">
           <xs:complexType>
             <xs:attribute name="rolename" use="required" type="users:entityname" />
             <xs:attribute name="description" type="xs:string" />
           </xs:complexType>
         </xs:element>
-        <xs:element name="group" minOccurs="0" maxOccurs="unbounded">
+        <xs:element name="group">
           <xs:complexType>
             <xs:attribute name="groupname" use="required" type="users:entityname" />
             <xs:attribute name="description" type="xs:string" />
             <xs:attribute name="roles" type="xs:string" />
           </xs:complexType>
         </xs:element>
-        <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
+        <xs:element name="user">
           <xs:complexType>
             <xs:attribute name="username" use="required" type="users:entityname" />
             <xs:attribute name="fullname" type="xs:string" />
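Review bot: missing documentation at the new `<xs:choice minOccurs="0" maxOccurs="unbounded">`: nothing in the schema tells someone editing tomcat-users.xml that a user may now reference a role or group whose element appears later in the file. An `xs:annotation` with a short `xs:documentation` on the choice, stating that the elements may appear in any order and that forward references are intended, would keep the schema self-explanatory.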
@@ -47,7 +47,7 @@
             <xs:attribute name="groups" type="xs:string" />
           </xs:complexType>
         </xs:element>
-      </xs:sequence>
+      </xs:choice>
       <xs:attribute name="version" type="xs:string" />
     </xs:complexType>
   </xs:element>
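Review bot: the `tomcat-users` element closes directly after `</xs:complexType>`, so there is no `xs:unique` or `xs:key` on `rolename` or `groupname`, and a file that declares the same role or group twice still validates. Now that the elements may interleave freely and the parser re-uses existing entries, consider adding uniqueness constraints here so that duplicate definitions are rejected at validation time rather than merged at load time.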
@@ -56,4 +56,4 @@
       <xs:minLength value="1"/>
     </xs:restriction>
   </xs:simpleType>
-</xs:schema>
\ No newline at end of file
+</xs:schema>
diff --git a/java/org/apache/catalina/users/MemoryUserDatabase.java b/java/org/apache/catalina/users/MemoryUserDatabase.java
index 1f44202..efde670 100644
--- a/java/org/apache/catalina/users/MemoryUserDatabase.java
+++ b/java/org/apache/catalina/users/MemoryUserDatabase.java
@@ -751,7 +751,14 @@ class MemoryGroupCreationFactory extends AbstractObjectCreationFactory {
         }
         String description = attributes.getValue("description");
         String roles = attributes.getValue("roles");
-        Group group = database.createGroup(groupname, description);
+        Group group = database.findGroup(groupname);
+        if (group == null) {
+            group = database.createGroup(groupname, description);
+        } else {
+            if (group.getDescription() == null) {
+                group.setDescription(description);
+            }
+        }
         if (roles != null) {
             while (roles.length() > 0) {
                 String rolename = null;
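Review bot: in the `else` branch, a group that already has a description keeps it, the `description` attribute of the current element is dropped without any log line, and any `roles` listed on this element are then processed against the re-used object. The code cannot tell a group created implicitly by an earlier user element from one declared by an earlier `<group>` element with the same groupname, so a duplicate definition goes unnoticed. Since this file decides who holds which role, consider logging a warning when `findGroup` returns a group whose description is already set, and flatten the nesting to `} else if (group.getDescription() == null) {`.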
@@ -796,8 +803,14 @@ class MemoryRoleCreationFactory extends AbstractObjectCreationFactory {
             rolename = attributes.getValue("name");
         }
         String description = attributes.getValue("description");
-        Role role = database.createRole(rolename, description);
-        return role;
+        Role existingRole = database.findRole(rolename);
+        if (existingRole == null) {
+            return database.createRole(rolename, description);
+        }
+        if (existingRole.getDescription() == null) {
+            existingRole.setDescription(description);
+        }
+        return existingRole;
     }
 
     private final MemoryUserDatabase database;
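Review bot: `database.findRole(rolename)` is now the first call to receive `rolename`, and the visible context shows no null check after the fallback to `attributes.getValue("name")`. If neither attribute is present, the lookup runs with null where `createRole` ran before; an explicit guard ahead of the lookup would keep that failure mode obvious. As a style point, this factory uses early returns while the group factory above uses a nested `else { if ... }`; giving both the same shape would make them easier to compare.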
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0ce02e6..cb81ea7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -64,6 +64,10 @@
         Implement a few rewrite SSL env that correspond to Servlet request
         attributes. (remm)
       </fix>
+      <update>
+        <bug>64442</bug>Be more flexible with respect to the ordering of groups,
+        roles and users in the <code>tomcat-users.xml</code> file. (fschumacher)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Coyote">
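Review bot: the changelog entry mentions flexible ordering but not the behaviour that comes with it: a role or group already created through a user element is re-used, and its description is only filled in when it is still missing. One more sentence in the `<update>` text would cover that. The diffstat also lists no test file; a test that digests a tomcat-users.xml with users placed before their roles and groups would pin the new behaviour.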

