Posted to dev@tomcat.apache.org by cr...@apache.org on 2001/03/26 22:02:18 UTC

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpRequestBase.java

craigmcc    01/03/26 12:02:17

  Modified:    catalina/src/share/org/apache/catalina/connector
                        HttpRequestBase.java
  Log:
  Correct the implementation of HttpServletRequest.isUserInRole() so that it
  properly respects role name aliases defined with <security-role-ref>.
  
  PR: Bugzilla #1086
  Submitted by:	kevinj@develop.com
  
  Revision  Changes    Path
  1.18      +22 -12    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
  
  Index: HttpRequestBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- HttpRequestBase.java	2001/03/14 02:17:21	1.17
  +++ HttpRequestBase.java	2001/03/26 20:02:17	1.18
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.17 2001/03/14 02:17:21 craigmcc Exp $
  - * $Revision: 1.17 $
  - * $Date: 2001/03/14 02:17:21 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.18 2001/03/26 20:02:17 craigmcc Exp $
  + * $Revision: 1.18 $
  + * $Date: 2001/03/26 20:02:17 $
    *
    * ====================================================================
    *
  @@ -100,7 +100,7 @@
    * be implemented.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
  + * @version $Revision: 1.18 $ $Date: 2001/03/26 20:02:17 $
    */
   
   public class HttpRequestBase
  @@ -1135,20 +1135,30 @@
        */
       public boolean isUserInRole(String role) {
   
  -        if (context == null)
  +        // Have we got an authenticated principal at all?
  +        if (userPrincipal == null)
               return (false);
  -
  -	// Respect role name translations in the deployment descriptor
  -	String realRole = context.findRoleMapping(role);
   
  -	// Determine whether the current user has this role
  -	if (userPrincipal == null)
  -	    return (false);
  +        // Identify the Realm we will use for checking role assignmenets
  +        if (context == null)
  +            return (false);
   	Realm realm = context.getRealm();
   	if (realm == null)
   	    return (false);
   
  -	return (realm.hasRole(userPrincipal, realRole));
  +        // See if this role is assigned directly to the authenticated user
  +        if (realm.hasRole(userPrincipal, role))
  +            return (true);
  +
  +        // Map the specified role if it is an alias defined in a
  +        // <security-role-ref> element
  +        if (wrapper == null)
  +            return (false);
  +        String realRole = wrapper.findSecurityReference(role);
  +        if (realRole != null)
  +            return (realm.hasRole(userPrincipal, realRole));
  +        else
  +            return (false);
   
       }
   
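Review bot: The rewritten body of isUserInRole() drops the call to `context.findRoleMapping(role)` and consults only `wrapper.findSecurityReference(role)` for aliases, so a role translation registered on the Context would no longer be applied to this authorization decision. Whether anything still populates those Context mappings is not visible from this hunk; if they are obsolete, a comment such as `// Context-level role mappings are not consulted; aliases come only from the Wrapper's <security-role-ref>` would stop a later reader from reinstating the call. The added comment above the `context == null` check misspells "assignments" as `assignmenets`, and the new lines are space-indented while the unchanged `Realm realm = context.getRealm();` lines still use tabs. The method's Javadoc begins above the hunk, so I cannot tell whether it describes the lookup that the body now performs.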
  
  
  

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpRequestBase.java

Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Fri, 30 Mar 2001, Bill Claypool wrote:

> On Mon, Mar 26, 2001 at 08:02:18PM -0000, craigmcc@apache.org wrote:
> " craigmcc    01/03/26 12:02:17
> " 
> "   Modified:    catalina/src/share/org/apache/catalina/connector
> "                         HttpRequestBase.java
> "   Log:
> "   Correct the implementation of HttpServletRequest.isUserInRole() so that it
> "   properly respects role name aliases defined with <security-role-ref>.
> 
> Shouldn't this check for a mapped role first and only check for the
> unmapped role if there is no mapping.
> 

It is not clear to me that the order of checking would make any difference
in the result (except for a possible minor performance difference).  Is
there a use case where the order matters?

Craig


Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpRequestBase.java

Posted by Bill Claypool <jw...@unify.com>.
On Mon, Mar 26, 2001 at 08:02:18PM -0000, craigmcc@apache.org wrote:
" craigmcc    01/03/26 12:02:17
" 
"   Modified:    catalina/src/share/org/apache/catalina/connector
"                         HttpRequestBase.java
"   Log:
"   Correct the implementation of HttpServletRequest.isUserInRole() so that it
"   properly respects role name aliases defined with <security-role-ref>.

Shouldn't this check for a mapped role first, and only check for the
unmapped role if there is no mapping?

"   
"   PR: Bugzilla #1086
"   Submitted by:	kevinj@develop.com
"   
"   Revision  Changes    Path
"   1.18      +22 -12    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
"   
"   Index: HttpRequestBase.java
"   ===================================================================
"   RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
"   retrieving revision 1.17
"   retrieving revision 1.18
"   diff -u -r1.17 -r1.18
"   --- HttpRequestBase.java	2001/03/14 02:17:21	1.17
"   +++ HttpRequestBase.java	2001/03/26 20:02:17	1.18
"   @@ -1,7 +1,7 @@
"    /*
"   - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.17 2001/03/14 02:17:21 craigmcc Exp $
"   - * $Revision: 1.17 $
"   - * $Date: 2001/03/14 02:17:21 $
"   + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.18 2001/03/26 20:02:17 craigmcc Exp $
"   + * $Revision: 1.18 $
"   + * $Date: 2001/03/26 20:02:17 $
"     *
"     * ====================================================================
"     *
"   @@ -100,7 +100,7 @@
"     * be implemented.
"     *
"     * @author Craig R. McClanahan
"   - * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
"   + * @version $Revision: 1.18 $ $Date: 2001/03/26 20:02:17 $
"     */
"    
"    public class HttpRequestBase
"   @@ -1135,20 +1135,30 @@
"         */
"        public boolean isUserInRole(String role) {
"    
"   -        if (context == null)
"   +        // Have we got an authenticated principal at all?
"   +        if (userPrincipal == null)
"                return (false);
"   -
"   -	// Respect role name translations in the deployment descriptor
"   -	String realRole = context.findRoleMapping(role);
"    
"   -	// Determine whether the current user has this role
"   -	if (userPrincipal == null)
"   -	    return (false);
"   +        // Identify the Realm we will use for checking role assignmenets
"   +        if (context == null)
"   +            return (false);
"    	Realm realm = context.getRealm();
"    	if (realm == null)
"    	    return (false);
"    
"   -	return (realm.hasRole(userPrincipal, realRole));
"   +        // See if this role is assigned directly to the authenticated user
"   +        if (realm.hasRole(userPrincipal, role))
"   +            return (true);
"   +
"   +        // Map the specified role if it is an alias defined in a
"   +        // <security-role-ref> element
"   +        if (wrapper == null)
"   +            return (false);
"   +        String realRole = wrapper.findSecurityReference(role);
"   +        if (realRole != null)
"   +            return (realm.hasRole(userPrincipal, realRole));
"   +        else
"   +            return (false);
"    
"        }
"    
"   
"   
"   

-- 
Bill Claypool   |          Seeing is believing in the things you see.
jwc@Unify.Com   |            Loving is believing in the ones you love.
1 916 928 6259  | RKBA!                                  -Margie Adam