Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/12/05 17:13:31 UTC
svn commit: r1548189 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/realm/ test/org/apache/catalina/connector/
test/org/apache/catalina/core/ test/org/apache/catalina/realm/
test/org/apache/catalina/startup/ webapps/docs/
Author: markt
Date: Thu Dec 5 16:13:30 2013
New Revision: 1548189
URL: http://svn.apache.org/r1548189
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55839
Extend support for digest prefixes {MD5}, {SHA} and {SSHA} to all Realms rather than just the JNDIRealm.
Added:
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java
- copied, changed from r1548169, tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
- copied unchanged from r1547897, tomcat/trunk/test/org/apache/catalina/connector/TesterResponse.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/
tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java
- copied, changed from r1548169, tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java
- copied, changed from r1547897, tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java
- copied, changed from r1547897, tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java
Removed:
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java
tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1548169,1548182-1548183,1548185
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Thu Dec 5 16:13:30 2013
@@ -319,12 +319,7 @@ public class DataSourceRealm
String dbCredentials = getPassword(dbConnection, username);
// Validate the user's credentials
- boolean validated = false;
- if (hasMessageDigest()) {
- // Hex hashes should be compared case-insensitive
- validated = (digest(credentials).equalsIgnoreCase(dbCredentials));
- } else
- validated = (digest(credentials).equals(dbCredentials));
+ boolean validated = compareCredentials(credentials, dbCredentials);
if (validated) {
if (containerLog.isTraceEnabled())
@@ -342,8 +337,7 @@ public class DataSourceRealm
ArrayList<String> list = getRoles(dbConnection, username);
// Create and return a suitable Principal for this user
- return (new GenericPrincipal(username, credentials, list));
-
+ return new GenericPrincipal(username, credentials, list);
}
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Thu Dec 5 16:13:30 2013
@@ -408,13 +408,7 @@ public class JDBCRealm
String dbCredentials = getPassword(username);
// Validate the user's credentials
- boolean validated = false;
- if (hasMessageDigest()) {
- // Hex hashes should be compared case-insensitive
- validated = (digest(credentials).equalsIgnoreCase(dbCredentials));
- } else {
- validated = (digest(credentials).equals(dbCredentials));
- }
+ boolean validated = compareCredentials(credentials, dbCredentials);
if (validated) {
if (containerLog.isTraceEnabled())
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java Thu Dec 5 16:13:30 2013
@@ -14,16 +14,13 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.catalina.realm;
import java.net.URI;
import java.net.URISyntaxException;
-import java.nio.charset.Charset;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
@@ -53,8 +50,7 @@ import javax.naming.directory.SearchCont
import javax.naming.directory.SearchResult;
import org.apache.catalina.LifecycleException;
-import org.apache.tomcat.util.buf.B2CConverter;
-import org.apache.tomcat.util.codec.binary.Base64;
+
import org.ietf.jgss.GSSCredential;
/**
@@ -1565,64 +1561,16 @@ public class JNDIRealm extends RealmBase
String credentials)
throws NamingException {
- if (info == null || credentials == null)
- return (false);
-
- String password = info.getPassword();
- if (password == null)
- return (false);
-
// Validate the credentials specified by the user
if (containerLog.isTraceEnabled())
containerLog.trace(" validating credentials");
- boolean validated = false;
- if (hasMessageDigest()) {
- // Some directories prefix the password with the hash type
- // The string is in a format compatible with Base64.encode not
- // the Hex encoding of the parent class.
- if (password.startsWith("{MD5}") || password.startsWith("{SHA}")) {
- /* sync since super.digest() does this same thing */
- synchronized (this) {
- password = password.substring(5);
- md.reset();
- md.update(credentials.getBytes(Charset.defaultCharset()));
- byte[] encoded = Base64.encodeBase64(md.digest());
- String digestedPassword =
- new String(encoded, B2CConverter.ISO_8859_1);
- validated = password.equals(digestedPassword);
- }
- } else if (password.startsWith("{SSHA}")) {
- // Bugzilla 32938
- /* sync since super.digest() does this same thing */
- synchronized (this) {
- password = password.substring(6);
-
- md.reset();
- md.update(credentials.getBytes(Charset.defaultCharset()));
-
- // Decode stored password.
- byte[] decoded = Base64.decodeBase64(password);
-
- // Split decoded password into hash and salt.
- final int saltpos = 20;
- byte[] hash = new byte[saltpos];
- System.arraycopy(decoded, 0, hash, 0, saltpos);
-
- md.update(decoded, saltpos, decoded.length - saltpos);
-
- byte[] dp = md.digest();
+ if (info == null || credentials == null)
+ return (false);
- validated = Arrays.equals(dp, hash);
- } // End synchronized(this) block
- } else {
- // Hex hashes should be compared case-insensitive
- validated = (digest(credentials).equalsIgnoreCase(password));
- }
- } else
- validated = (digest(credentials).equals(password));
- return (validated);
+ String password = info.getPassword();
+ return compareCredentials(credentials, password);
}
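Review bot: Routing JNDIRealm through the shared helper changes which bytes are hashed for `{MD5}`, `{SHA}` and `{SSHA}` entries: the removed branches used `credentials.getBytes(Charset.defaultCharset())`, while `RealmBase.compareCredentials` in this commit uses `B2CConverter.ISO_8859_1`. On a JVM whose default charset is not ISO-8859-1, a directory password with non-ASCII characters that validated before will presumably stop validating. Characters outside Latin-1 are replaced by `?` during encoding, so distinct passwords can yield the same digest. This deserves a line in the changelog entry and a comment above the call, for example `// Prefixed digests are computed over ISO-8859-1 bytes, not the platform default charset`. The method's signature begins above the hunk.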
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java Thu Dec 5 16:13:30 2013
@@ -142,17 +142,7 @@ public class MemoryRealm extends RealmB
GenericPrincipal principal = principals.get(username);
- boolean validated = false;
- if (principal != null && credentials != null) {
- if (hasMessageDigest()) {
- // Hex hashes should be compared case-insensitive
- validated = (digest(credentials)
- .equalsIgnoreCase(principal.getPassword()));
- } else {
- validated =
- (digest(credentials).equals(principal.getPassword()));
- }
- }
+ boolean validated = compareCredentials(credentials, principal.getPassword());
if (validated) {
if (log.isDebugEnabled())
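Review bot: `principal.getPassword()` is now dereferenced unconditionally, although the removed code guarded this path with `principal != null && credentials != null` and `principals.get(username)` on the context line above can presumably return null for an unknown user. Unless a null check exists outside this hunk, an unknown username produces a NullPointerException instead of a failed authentication. A null `credentials` would also reach `userCredentials.getBytes(...)` in the digest branches of the new helper. Keeping the guard is a one-line change: `boolean validated = principal != null && credentials != null && compareCredentials(credentials, principal.getPassword());`. The enclosing method starts and ends outside the hunk.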
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Thu Dec 5 16:13:30 2013
@@ -14,11 +14,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.realm;
-
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.IOException;
@@ -29,6 +26,7 @@ import java.security.NoSuchAlgorithmExce
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Locale;
import javax.servlet.http.HttpServletResponse;
@@ -55,6 +53,7 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.codec.binary.Base64;
import org.apache.tomcat.util.res.StringManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
@@ -362,15 +361,8 @@ public abstract class RealmBase extends
String serverCredentials = getPassword(username);
- boolean validated ;
- if ( serverCredentials == null ) {
- validated = false;
- } else if(hasMessageDigest()) {
- validated = serverCredentials.equalsIgnoreCase(digest(credentials));
- } else {
- validated = serverCredentials.equals(credentials);
- }
- if(! validated ) {
+ boolean validated = compareCredentials(credentials, serverCredentials);
+ if (!validated) {
if (containerLog.isTraceEnabled()) {
containerLog.trace(sm.getString("realmBase.authenticateFailure",
username));
@@ -529,6 +521,72 @@ public abstract class RealmBase extends
}
+ protected boolean compareCredentials(String userCredentials,
+ String serverCredentials) {
+
+ if (serverCredentials == null) {
+ return false;
+ }
+
+ if (hasMessageDigest()) {
+ // Some directories and databases prefix the password with the hash
+ // type. The string is in a format compatible with Base64.encode not
+ // the normal hex encoding of the digest
+ if (serverCredentials.startsWith("{MD5}") ||
+ serverCredentials.startsWith("{SHA}")) {
+ // Server is storing digested passwords with a prefix indicating
+ // the digest type
+ String serverDigest = serverCredentials.substring(5);
+ String userDigest;
+ synchronized (this) {
+ md.reset();
+ md.update(userCredentials.getBytes(B2CConverter.ISO_8859_1));
+ userDigest = Base64.encodeBase64String(md.digest());
+ }
+ return userDigest.equals(serverDigest);
+
+ } else if (serverCredentials.startsWith("{SSHA}")) {
+ // Server is storing digested passwords with a prefix indicating
+ // the digest type and the salt used when creating that digest
+
+ String serverDigestPlusSalt = serverCredentials.substring(6);
+
+ // Need to convert the salt to bytes to apply it to the user's
+ // digested password.
+ byte[] serverDigestPlusSaltBytes =
+ Base64.decodeBase64(serverDigestPlusSalt);
+ final int saltPos = 20;
+ byte[] serverDigestBytes = new byte[saltPos];
+ System.arraycopy(serverDigestPlusSaltBytes, 0,
+ serverDigestBytes, 0, saltPos);
+
+ // Generate the digested form of the user provided password
+ // using the salt
+ byte[] userDigestBytes;
+ synchronized (this) {
+ md.reset();
+ // User provided password
+ md.update(userCredentials.getBytes(B2CConverter.ISO_8859_1));
+ // Add the salt
+ md.update(serverDigestPlusSaltBytes, saltPos,
+ serverDigestPlusSaltBytes.length - saltPos);
+ userDigestBytes = md.digest();
+ }
+
+ return Arrays.equals(userDigestBytes, serverDigestBytes);
+
+ } else {
+ // Hex hashes should be compared case-insensitively
+ String userDigest = digest(userCredentials);
+ return serverCredentials.equalsIgnoreCase(userDigest);
+ }
+ } else {
+ // No digests, compare directly
+ return serverCredentials.equals(userCredentials);
+ }
+ }
+
+
/**
* Execute a periodic task, such as reloading, etc. This method will be
* invoked inside the classloading context of this container. Unexpected
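Review bot: In the `{SSHA}` branch the first `saltPos` bytes are copied without a length check, so a stored value that decodes to fewer than 20 bytes makes `System.arraycopy` throw instead of failing the login; add `if (serverDigestPlusSaltBytes.length < saltPos) { return false; }` before the copy. The fixed 20 also assumes a SHA-1 sized digest regardless of the algorithm `md` was configured with, and no prefixed branch checks that the prefix matches that algorithm, which is worth a comment. The comparisons use `String.equals`, `equalsIgnoreCase` and `Arrays.equals`, all of which stop at the first mismatch; `MessageDigest.isEqual(userDigestBytes, serverDigestBytes)` is the usual replacement for the byte-array case. The new protected method has no Javadoc, and it should state that `serverCredentials` may be null while `userCredentials` must not be.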
Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java Thu Dec 5 16:13:30 2013
@@ -165,7 +165,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062a() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -178,7 +178,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062b() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -190,7 +190,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062c() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -202,7 +202,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062d() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -214,7 +214,7 @@ public class TestResponse extends Tomcat
@Test(expected=IllegalArgumentException.class)
public void testBug53062e() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -224,7 +224,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062f() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -237,7 +237,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062g() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -250,7 +250,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062h() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -264,7 +264,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062i() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -277,7 +277,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062j() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -289,7 +289,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062k() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -303,7 +303,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062l() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -316,7 +316,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062m() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -329,7 +329,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062n() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -342,7 +342,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062o() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -354,7 +354,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53062p() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -366,7 +366,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53469a() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
@@ -378,7 +378,7 @@ public class TestResponse extends Tomcat
@Test
public void testBug53469b() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java Thu Dec 5 16:13:30 2013
@@ -24,7 +24,7 @@ import org.junit.Test;
public class TestResponsePerformance {
@Test
public void testToAbsolutePerformance() throws Exception {
- Request req = new TesterMockRequest();
+ Request req = new TesterRequest();
Response resp = new Response();
resp.setRequest(req);
Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java (from r1548169, tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java&p1=tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java&r1=1548169&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java Thu Dec 5 16:13:30 2013
@@ -16,7 +16,7 @@
*/
package org.apache.catalina.connector;
-public class TesterMockRequest extends Request {
+public class TesterRequest extends Request {
@Override
public String getScheme() {
return "http";
@@ -36,4 +36,13 @@ public class TesterMockRequest extends R
public String getDecodedRequestURI() {
return "/level1/level2/foo.html";
}
+
+ private String method;
+ public void setMethod(String method) {
+ this.method = method;
+ }
+ @Override
+ public String getMethod() {
+ return method;
+ }
}
Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java Thu Dec 5 16:13:30 2013
@@ -19,6 +19,8 @@ package org.apache.catalina.core;
import java.beans.PropertyChangeListener;
import java.io.IOException;
import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@@ -58,6 +60,7 @@ import org.apache.catalina.deploy.Naming
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.CharsetMapper;
import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.InstanceManager;
import org.apache.tomcat.JarScanner;
import org.apache.tomcat.util.http.mapper.Mapper;
@@ -67,9 +70,51 @@ import org.apache.tomcat.util.http.mappe
*/
public class TesterContext implements Context {
+ private static final Log log = LogFactory.getLog(TesterContext.class);
+
+ private List<String> securityRoles = new ArrayList<String>();
+ @Override
+ public void addSecurityRole(String role) {
+ securityRoles.add(role);
+ }
+
+ @Override
+ public boolean findSecurityRole(String role) {
+ return securityRoles.contains(role);
+ }
+
+ @Override
+ public String[] findSecurityRoles() {
+ return securityRoles.toArray(new String[securityRoles.size()]);
+ }
+
+ @Override
+ public void removeSecurityRole(String role) {
+ securityRoles.remove(role);
+ }
+
+ private List<SecurityConstraint> securityConstraints =
+ new ArrayList<SecurityConstraint>();
+ @Override
+ public void addConstraint(SecurityConstraint constraint) {
+ securityConstraints.add(constraint);
+ }
+
+ @Override
+ public SecurityConstraint[] findConstraints() {
+ return securityConstraints.toArray(
+ new SecurityConstraint[securityConstraints.size()]);
+ }
+
+ @Override
+ public void removeConstraint(SecurityConstraint constraint) {
+ securityConstraints.remove(constraint);
+ }
+
+
@Override
public Log getLogger() {
- return null;
+ return log;
}
@Override
@@ -641,11 +686,6 @@ public class TesterContext implements Co
}
@Override
- public void addConstraint(SecurityConstraint constraint) {
- // NO-OP
- }
-
- @Override
public void addErrorPage(ErrorPage errorPage) {
// NO-OP
}
@@ -691,11 +731,6 @@ public class TesterContext implements Co
}
@Override
- public void addSecurityRole(String role) {
- // NO-OP
- }
-
- @Override
public void addServletMapping(String pattern, String name) {
// NO-OP
}
@@ -742,11 +777,6 @@ public class TesterContext implements Co
}
@Override
- public SecurityConstraint[] findConstraints() {
- return null;
- }
-
- @Override
public ErrorPage findErrorPage(int errorCode) {
return null;
}
@@ -807,16 +837,6 @@ public class TesterContext implements Co
}
@Override
- public boolean findSecurityRole(String role) {
- return false;
- }
-
- @Override
- public String[] findSecurityRoles() {
- return null;
- }
-
- @Override
public String findServletMapping(String pattern) {
return null;
}
@@ -887,11 +907,6 @@ public class TesterContext implements Co
}
@Override
- public void removeConstraint(SecurityConstraint constraint) {
- // NO-OP
- }
-
- @Override
public void removeErrorPage(ErrorPage errorPage) {
// NO-OP
}
@@ -927,11 +942,6 @@ public class TesterContext implements Co
}
@Override
- public void removeSecurityRole(String role) {
- // NO-OP
- }
-
- @Override
public void removeServletMapping(String pattern) {
// NO-OP
}
Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java (from r1548169, tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java&p1=tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java&r1=1548169&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java Thu Dec 5 16:13:30 2013
@@ -33,9 +33,9 @@ import org.apache.catalina.connector.Res
import org.apache.catalina.connector.TesterRequest;
import org.apache.catalina.connector.TesterResponse;
import org.apache.catalina.core.TesterContext;
+import org.apache.catalina.deploy.SecurityCollection;
+import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.startup.TesterMapRealm;
-import org.apache.tomcat.util.descriptor.web.SecurityCollection;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
public class TestRealmBase {
@@ -47,7 +47,7 @@ public class TestRealmBase {
private static final String ROLE2 = "role2";
private static final String ROLE3 = "role3";
private static final String ROLE99 = "role99";
-
+
// All digested passwords are the digested form of "password"
private static final String PWD_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99";
private static final String PWD_SHA = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
@@ -59,6 +59,9 @@ public class TestRealmBase {
private static final String PWD_SSHA_PREFIX =
"{SSHA}oFLhvfQVqFykEWu8v1pPE6nN0QRzYWx0dG9wcm90ZWN0cGFzc3dvcmQ=";
+ private static final String ROLE_ALL_ROLES="*";
+
+
@Test
public void testDigestMD5() throws Exception {
doTestDigestDigestPasswords(PWD, "MD5", PWD_MD5);
@@ -102,9 +105,9 @@ public class TestRealmBase {
@Test
public void testUserWithSingleRole() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
// Configure this test
userRoles.add(ROLE1);
@@ -117,9 +120,9 @@ public class TestRealmBase {
@Test
public void testUserWithNoRoles() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
// Configure this test
constraintRoles.add(ROLE1);
@@ -131,14 +134,14 @@ public class TestRealmBase {
@Test
public void testUserWithSingleRoleAndAllRoles() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
// Configure this test
userRoles.add(ROLE1);
applicationRoles.add(ROLE1);
- constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintRoles.add(ROLE_ALL_ROLES);
doRoleTest(userRoles, constraintRoles, applicationRoles, true);
}
@@ -146,12 +149,12 @@ public class TestRealmBase {
@Test
public void testUserWithoutNoRolesAndAllRoles() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
// Configure this test
- constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE1);
doRoleTest(userRoles, constraintRoles, applicationRoles, false);
@@ -160,66 +163,22 @@ public class TestRealmBase {
@Test
public void testAllRolesWithNoAppRole() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
// Configure this test
userRoles.add(ROLE1);
- constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintRoles.add(ROLE_ALL_ROLES);
doRoleTest(userRoles, constraintRoles, applicationRoles, false);
}
@Test
- public void testAllAuthenticatedUsers() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- // Configure this test
- constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
- doRoleTest(userRoles, constraintRoles, applicationRoles, true);
- }
-
-
- @Test
- public void testAllAuthenticatedUsersAsAppRoleNoUser() throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- // Configure this test
- userRoles.add(ROLE1);
- constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- applicationRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
- doRoleTest(userRoles, constraintRoles, applicationRoles, false);
- }
-
-
- @Test
- public void testAllAuthenticatedUsersAsAppRoleWithUser()
- throws IOException {
- List<String> userRoles = new ArrayList<>();
- List<String> constraintRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- // Configure this test
- userRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- applicationRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
- doRoleTest(userRoles, constraintRoles, applicationRoles, true);
- }
-
-
- @Test
public void testNoAuthConstraint() throws IOException {
// No auth constraint == allow access for all
- List<String> applicationRoles = new ArrayList<>();
+ List<String> applicationRoles = new ArrayList<String>();
doRoleTest(null, null, applicationRoles, true);
}
@@ -234,10 +193,10 @@ public class TestRealmBase {
public void testCombineConstraints01() throws IOException {
// Allowed roles should be the union of the roles in the constraints
// User role is in first constraint
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE1);
constraintOneRoles.add(ROLE1);
@@ -254,10 +213,10 @@ public class TestRealmBase {
public void testCombineConstraints02() throws IOException {
// Allowed roles should be the union of the roles in the constraints
// User role is in last constraint
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE2);
constraintOneRoles.add(ROLE1);
@@ -274,10 +233,10 @@ public class TestRealmBase {
public void testCombineConstraints03() throws IOException {
// Allowed roles should be the union of the roles in the constraints
// User role is not in any constraint
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE3);
constraintOneRoles.add(ROLE1);
@@ -295,14 +254,14 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// * is any app role
// User role is not in any constraint
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE99);
constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE2);
applicationRoles.add(ROLE3);
@@ -316,14 +275,14 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// * is any app role
// User role is a non-app constraint role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE1);
constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE2);
applicationRoles.add(ROLE3);
@@ -337,14 +296,14 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// * is any app role
// User role is an app role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE2);
constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE2);
applicationRoles.add(ROLE3);
@@ -358,98 +317,17 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// * is any app role
// User has no role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
- applicationRoles.add(ROLE2);
- applicationRoles.add(ROLE3);
-
- doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
- applicationRoles, false);
- }
-
-
- @Test
- public void testCombineConstraints08() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // ** is any authenticated user
- // User has no role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- applicationRoles.add(ROLE2);
- applicationRoles.add(ROLE3);
-
- doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
- applicationRoles, true);
- }
-
-
- @Test
- public void testCombineConstraints09() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // ** is any authenticated user
- // User has constraint role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- userRoles.add(ROLE1);
- constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- applicationRoles.add(ROLE2);
- applicationRoles.add(ROLE3);
-
- doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
- applicationRoles, true);
- }
-
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
- @Test
- public void testCombineConstraints10() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // ** is any authenticated user
- // User has app role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- userRoles.add(ROLE2);
constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE2);
applicationRoles.add(ROLE3);
doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
- applicationRoles, true);
- }
-
-
- @Test
- public void testCombineConstraints11() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // ** is any authenticated user
- // User is not authenticated
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- constraintOneRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
- applicationRoles.add(ROLE2);
- applicationRoles.add(ROLE3);
-
- doRoleTest(null, constraintOneRoles, constraintTwoRoles,
applicationRoles, false);
}
@@ -459,8 +337,8 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// Constraint without role or implied role permits unauthenticated users
// User is not authenticated
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
constraintTwoRoles.add(ROLE1);
applicationRoles.add(ROLE1);
@@ -475,26 +353,10 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// Constraint without role or implied role permits unauthenticated users
// User is not authenticated
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
- applicationRoles.add(ROLE1);
-
- doRoleTest(null, null, constraintTwoRoles,
- applicationRoles, true);
- }
-
-
- @Test
- public void testCombineConstraints14() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // Constraint without role or implied role permits unauthenticated users
- // User is not authenticated
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE1);
doRoleTest(null, null, constraintTwoRoles,
@@ -507,10 +369,10 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// Constraint with empty auth section prevents all access
// User has matching constraint role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE1);
constraintTwoRoles.add(ROLE1);
@@ -526,32 +388,13 @@ public class TestRealmBase {
// Allowed roles should be the union of the roles in the constraints
// Constraint with empty auth section prevents all access
// User has matching role
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
+ List<String> userRoles = new ArrayList<String>();
+ List<String> constraintOneRoles = new ArrayList<String>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
+ List<String> applicationRoles = new ArrayList<String>();
userRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
- applicationRoles.add(ROLE1);
-
- doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
- applicationRoles, false);
- }
-
-
- @Test
- public void testCombineConstraints17() throws IOException {
- // Allowed roles should be the union of the roles in the constraints
- // Constraint with empty auth section prevents all access
- // User matches all authenticated users
- List<String> userRoles = new ArrayList<>();
- List<String> constraintOneRoles = new ArrayList<>();
- List<String> constraintTwoRoles = new ArrayList<>();
- List<String> applicationRoles = new ArrayList<>();
-
- userRoles.add(ROLE1);
- constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+ constraintTwoRoles.add(ROLE_ALL_ROLES);
applicationRoles.add(ROLE1);
doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
@@ -571,7 +414,7 @@ public class TestRealmBase {
List<String> constraintRoles, List<String> applicationRoles,
boolean expected) throws IOException {
- List<String> constraintTwoRoles = new ArrayList<>();
+ List<String> constraintTwoRoles = new ArrayList<String>();
constraintTwoRoles.add(ROLE99);
doRoleTest(userRoles, constraintRoles, constraintTwoRoles,
applicationRoles, expected);
@@ -591,10 +434,6 @@ public class TestRealmBase {
constraintOne.setAuthConstraint(true);
for (String constraintRole : constraintOneRoles) {
constraintOne.addAuthRole(constraintRole);
- if (applicationRoles.contains(
- SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
- constraintOne.treatAllAuthenticatedUsersAsApplicationRole();
- }
}
}
SecurityConstraint constraintTwo = new SecurityConstraint();
@@ -602,10 +441,6 @@ public class TestRealmBase {
constraintTwo.setAuthConstraint(true);
for (String constraintRole : constraintTwoRoles) {
constraintTwo.addAuthRole(constraintRole);
- if (applicationRoles.contains(
- SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
- constraintTwo.treatAllAuthenticatedUsersAsApplicationRole();
- }
}
}
SecurityConstraint[] constraints =
@@ -672,15 +507,15 @@ public class TestRealmBase {
request.setContext(context);
// Create the principals
- List<String> userRoles1 = new ArrayList<>();
+ List<String> userRoles1 = new ArrayList<String>();
userRoles1.add(ROLE1);
GenericPrincipal gp1 = new GenericPrincipal(USER1, PWD, userRoles1);
- List<String> userRoles2 = new ArrayList<>();
+ List<String> userRoles2 = new ArrayList<String>();
userRoles2.add(ROLE2);
GenericPrincipal gp2 = new GenericPrincipal(USER2, PWD, userRoles2);
- List<String> userRoles99 = new ArrayList<>();
+ List<String> userRoles99 = new ArrayList<String>();
GenericPrincipal gp99 = new GenericPrincipal(USER99, PWD, userRoles99);
// Add the constraints to the context
@@ -748,25 +583,6 @@ public class TestRealmBase {
Assert.assertFalse(mapRealm.hasResourcePermission(
request, response, constraintsPut, null));
- // Any authenticated user should be able to perform a TRACE.
- request.setMethod("TRACE");
-
- SecurityConstraint[] constraintsTrace =
- mapRealm.findSecurityConstraints(request, context);
-
- request.setUserPrincipal(null);
- Assert.assertFalse(mapRealm.hasResourcePermission(
- request, response, constraintsTrace, null));
- request.setUserPrincipal(gp1);
- Assert.assertTrue(mapRealm.hasResourcePermission(
- request, response, constraintsTrace, null));
- request.setUserPrincipal(gp2);
- Assert.assertTrue(mapRealm.hasResourcePermission(
- request, response, constraintsTrace, null));
- request.setUserPrincipal(gp99);
- Assert.assertTrue(mapRealm.hasResourcePermission(
- request, response, constraintsTrace, null));
-
// Only user1 should be able to perform a DELETE as only that user has
// role1.
request.setMethod("DELETE");
Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java (from r1547897, tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java&p1=tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java&r1=1547897&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java Thu Dec 5 16:13:30 2013
@@ -20,16 +20,11 @@ import javax.servlet.annotation.HttpCons
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-
@ServletSecurity(value=@HttpConstraint,
httpMethodConstraints={
@HttpMethodConstraint(value="POST",
rolesAllowed=TestRealmBase.ROLE1),
- @HttpMethodConstraint(value="PUT",
- rolesAllowed=SecurityConstraint.ROLE_ALL_ROLES),
- @HttpMethodConstraint(value="TRACE",
- rolesAllowed=SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)})
+ @HttpMethodConstraint(value="PUT", rolesAllowed="*")})
public class TesterServletSecurity01 {
// Class is NO-OP. It is only used to 'host' the annotation.
}
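Review bot: The PUT constraint now hard-codes `rolesAllowed="*"` next to a POST constraint that uses the named constant `TestRealmBase.ROLE1`, so the wildcard's meaning is left for the reader to recall. A comment above that line, such as `// "*" = any role defined for the web application`, would make the intended authorization rule explicit. The TestRealmBase hunks use an unqualified `ROLE_ALL_ROLES`, so a constant appears to exist there. Its declaration and visibility are outside this diff, but if it is or can be made accessible, `rolesAllowed=TestRealmBase.ROLE_ALL_ROLES` would keep the two files from drifting apart.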
Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java (from r1547897, tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java&p1=tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java&r1=1547897&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java Thu Dec 5 16:13:30 2013
@@ -30,8 +30,8 @@ import org.apache.catalina.realm.RealmBa
* passwords.
*/
public final class TesterMapRealm extends RealmBase {
- private Map<String,String> users = new HashMap<>();
- private Map<String,List<String>> roles = new HashMap<>();
+ private Map<String,String> users = new HashMap<String,String>();
+ private Map<String,List<String>> roles = new HashMap<String,List<String>>();
public void addUser(String username, String password) {
users.put(username, password);
@@ -40,7 +40,7 @@ public final class TesterMapRealm extend
public void addUserRole(String username, String role) {
List<String> userRoles = roles.get(username);
if (userRoles == null) {
- userRoles = new ArrayList<>();
+ userRoles = new ArrayList<String>();
roles.put(username, userRoles);
}
userRoles.add(role);
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Dec 5 16:13:30 2013
@@ -193,6 +193,10 @@
<bug>55804</bug>: If the GSSCredential for the cached Principal expires
when using SPNEGO authentication, force a re-authentication. (markt)
</fix>
+ <fix>
+ <bug>55839</bug>: Extend support for digest prefixes {MD5}, {SHA} and
+ {SSHA} to all Realms rather than just the JNDIRealm. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">