Posted to dev@tomcat.apache.org by cr...@apache.org on 2001/03/26 22:02:18 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpRequestBase.java
craigmcc 01/03/26 12:02:17
Modified: catalina/src/share/org/apache/catalina/connector
HttpRequestBase.java
Log:
Correct the implementation of HttpServletRequest.isUserInRole() so that it
properly respects role name aliases defined with <security-role-ref>.
PR: Bugzilla #1086
Submitted by: kevinj@develop.com
Revision Changes Path
1.18 +22 -12 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
Index: HttpRequestBase.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- HttpRequestBase.java 2001/03/14 02:17:21 1.17
+++ HttpRequestBase.java 2001/03/26 20:02:17 1.18
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.17 2001/03/14 02:17:21 craigmcc Exp $
- * $Revision: 1.17 $
- * $Date: 2001/03/14 02:17:21 $
+ * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.18 2001/03/26 20:02:17 craigmcc Exp $
+ * $Revision: 1.18 $
+ * $Date: 2001/03/26 20:02:17 $
*
* ====================================================================
*
@@ -100,7 +100,7 @@
* be implemented.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
+ * @version $Revision: 1.18 $ $Date: 2001/03/26 20:02:17 $
*/
public class HttpRequestBase
@@ -1135,20 +1135,30 @@
*/
public boolean isUserInRole(String role) {
- if (context == null)
+ // Have we got an authenticated principal at all?
+ if (userPrincipal == null)
return (false);
-
- // Respect role name translations in the deployment descriptor
- String realRole = context.findRoleMapping(role);
- // Determine whether the current user has this role
- if (userPrincipal == null)
- return (false);
+ // Identify the Realm we will use for checking role assignmenets
+ if (context == null)
+ return (false);
Realm realm = context.getRealm();
if (realm == null)
return (false);
- return (realm.hasRole(userPrincipal, realRole));
+ // See if this role is assigned directly to the authenticated user
+ if (realm.hasRole(userPrincipal, role))
+ return (true);
+
+ // Map the specified role if it is an alias defined in a
+ // <security-role-ref> element
+ if (wrapper == null)
+ return (false);
+ String realRole = wrapper.findSecurityReference(role);
+ if (realRole != null)
+ return (realm.hasRole(userPrincipal, realRole));
+ else
+ return (false);
}
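Review bot: `role` is never checked for null before it is handed to `realm.hasRole(userPrincipal, role)` and then to `wrapper.findSecurityReference(role)`. How either call treats a null name is not visible in this hunk, so an explicit `if (role == null) return (false);` at the top would keep the method failing closed in the same way as its guards for a missing principal, context, realm and wrapper. The new comment above the context check misspells "assignments" as `assignmenets`. The closing `if (realRole != null)` / `else` pair can be collapsed to `return (realRole != null && realm.hasRole(userPrincipal, realRole));`. The method's Javadoc begins above the hunk, so whether it already states that every missing component yields `false` cannot be checked from here.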
Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector
HttpRequestBase.java
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Fri, 30 Mar 2001, Bill Claypool wrote:
> On Mon, Mar 26, 2001 at 08:02:18PM -0000, craigmcc@apache.org wrote:
> " craigmcc 01/03/26 12:02:17
> "
> " Modified: catalina/src/share/org/apache/catalina/connector
> " HttpRequestBase.java
> " Log:
> " Correct the implementation of HttpServletRequest.isUserInRole() so that it
> " properly respects role name aliases defined with <security-role-ref>.
>
> Shouldn't this check for a mapped role first and only check for the
> unmapped role if there is no mapping.
>
It is not clear to me that the order of checking would make any difference
in the result (except for a possible minor performance difference). Is
there a use case where the order matters?
Craig
Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpRequestBase.java
Posted by Bill Claypool <jw...@unify.com>.
On Mon, Mar 26, 2001 at 08:02:18PM -0000, craigmcc@apache.org wrote:
" craigmcc 01/03/26 12:02:17
"
" Modified: catalina/src/share/org/apache/catalina/connector
" HttpRequestBase.java
" Log:
" Correct the implementation of HttpServletRequest.isUserInRole() so that it
" properly respects role name aliases defined with <security-role-ref>.
Shouldn't this check for a mapped role first, and only check for the
unmapped role if there is no mapping?
"
" PR: Bugzilla #1086
" Submitted by: kevinj@develop.com
"
" Revision Changes Path
" 1.18 +22 -12 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
"
" Index: HttpRequestBase.java
" ===================================================================
" RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
" retrieving revision 1.17
" retrieving revision 1.18
" diff -u -r1.17 -r1.18
" --- HttpRequestBase.java 2001/03/14 02:17:21 1.17
" +++ HttpRequestBase.java 2001/03/26 20:02:17 1.18
" @@ -1,7 +1,7 @@
" /*
" - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.17 2001/03/14 02:17:21 craigmcc Exp $
" - * $Revision: 1.17 $
" - * $Date: 2001/03/14 02:17:21 $
" + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.18 2001/03/26 20:02:17 craigmcc Exp $
" + * $Revision: 1.18 $
" + * $Date: 2001/03/26 20:02:17 $
" *
" * ====================================================================
" *
" @@ -100,7 +100,7 @@
" * be implemented.
" *
" * @author Craig R. McClanahan
" - * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
" + * @version $Revision: 1.18 $ $Date: 2001/03/26 20:02:17 $
" */
"
" public class HttpRequestBase
" @@ -1135,20 +1135,30 @@
" */
" public boolean isUserInRole(String role) {
"
" - if (context == null)
" + // Have we got an authenticated principal at all?
" + if (userPrincipal == null)
" return (false);
" -
" - // Respect role name translations in the deployment descriptor
" - String realRole = context.findRoleMapping(role);
"
" - // Determine whether the current user has this role
" - if (userPrincipal == null)
" - return (false);
" + // Identify the Realm we will use for checking role assignmenets
" + if (context == null)
" + return (false);
" Realm realm = context.getRealm();
" if (realm == null)
" return (false);
"
" - return (realm.hasRole(userPrincipal, realRole));
" + // See if this role is assigned directly to the authenticated user
" + if (realm.hasRole(userPrincipal, role))
" + return (true);
" +
" + // Map the specified role if it is an alias defined in a
" + // <security-role-ref> element
" + if (wrapper == null)
" + return (false);
" + String realRole = wrapper.findSecurityReference(role);
" + if (realRole != null)
" + return (realm.hasRole(userPrincipal, realRole));
" + else
" + return (false);
"
" }
"
"
"
"
--
Bill Claypool | Seeing is believing in the things you see.
jwc@Unify.Com | Loving is believing in the ones you love.
1 916 928 6259 | RKBA! -Margie Adam