Posted to dev@tomcat.apache.org by re...@apache.org on 2006/03/26 21:55:05 UTC

svn commit: r388949 - /tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java

Author: remm
Date: Sun Mar 26 11:55:03 2006
New Revision: 388949

URL: http://svn.apache.org/viewcvs?rev=388949&view=rev
Log:
- 39021: Add back support for authentication only.
- Submitted by Scott Stark.

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewcvs/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=388949&r1=388948&r2=388949&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/RealmBase.java Sun Mar 26 11:55:03 2006
@@ -152,6 +152,12 @@
      */
     protected boolean validate = true;
 
+    
+    /**
+     * The all role mode.
+     */
+    protected AllRolesMode allRolesMode = AllRolesMode.STRICT_MODE;
+    
 
     // ------------------------------------------------------------- Properties
 
@@ -180,6 +186,25 @@
     }
 
     /**
+     * Return the all roles mode.
+     */
+    public String getAllRolesMode() {
+
+        return allRolesMode.toString();
+
+    }
+
+
+    /**
+     * Set the all roles mode.
+     */
+    public void setAllRolesMode(String allRolesMode) {
+
+        this.allRolesMode = AllRolesMode.toMode(allRolesMode);
+
+    }
+
+    /**
      * Return the digest algorithm  used for storing credentials.
      */
     public String getDigest() {
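Review bot: The Javadoc on `setAllRolesMode` does not say which strings are accepted or that the property changes an authorization decision. Going by `AllRolesMode.toMode` and the access check added later in this commit, the accepted values are `strict`, `authOnly` and `strictAuthOnly` (compared case-insensitively), the default is `strict`, and an unrecognised value throws `IllegalStateException`; the comment should list these. It should also state that the two non-strict values let a `role-name="*"` constraint be satisfied by an authenticated principal that holds none of the declared roles, so that whoever configures a realm sees the effect where the property is documented.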
@@ -767,6 +792,38 @@
                 }
             }
         }
+
+        if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) {
+            if (log.isDebugEnabled()) {
+                log.debug("Checking for all roles mode: " + allRolesMode);
+            }
+            // Check for an all roles(role-name="*")
+            for (int i = 0; i < constraints.length; i++) {
+                SecurityConstraint constraint = constraints[i];
+                String roles[];
+                // If the all roles mode exists, sets
+                if (constraint.getAllRoles()) {
+                    if (allRolesMode == AllRolesMode.AUTH_ONLY_MODE) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("Granting access for role-name=*, auth-only");
+                        }
+                        status = true;
+                        break;
+                    }
+                    
+                    // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles
+                    roles = request.getContext().findSecurityRoles();
+                    if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) {
+                        if (log.isDebugEnabled()) {
+                            log.debug("Granting access for role-name=*, strict auth-only");
+                        }
+                        status = true;
+                        break;
+                    }
+                }
+            }
+        }
+        
         // Return a "Forbidden" message denying access to this resource
         if(!status) {
             response.sendError
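Review bot: The added block grants access whenever `status` is false and any entry in `constraints` has `getAllRoles()` true, without looking at why the earlier loop left `status` false. That loop and the rest of the method are outside the hunk; if the loop can stop on a constraint that denies everyone (an auth-constraint with no roles), `authOnly` mode would override that denial as soon as another applicable constraint uses `role-name="*"`. Consider recording the deny-all case in a flag and testing it first, e.g. `if (!denyAll && allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) {`, where `denyAll` is a placeholder name. Separately, the comment `// If the all roles mode exists, sets` is cut off mid-sentence, and `request.getContext().findSecurityRoles()` does not depend on the loop variable, so it can be read once before the loop.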
@@ -1310,6 +1367,60 @@
             }
         }
 
+    }
+
+
+    protected static class AllRolesMode {
+        
+        private String name;
+        /** Use the strict servlet spec interpretation which requires that the user
+         * have one of the web-app/security-role/role-name 
+         */
+        public static final AllRolesMode STRICT_MODE = new AllRolesMode("strict");
+        /** Allow any authenticated user
+         */
+        public static final AllRolesMode AUTH_ONLY_MODE = new AllRolesMode("authOnly");
+        /** Allow any authenticated user only if there are no web-app/security-roles
+         */
+        public static final AllRolesMode STRICT_AUTH_ONLY_MODE = new AllRolesMode("strictAuthOnly");
+        
+        static AllRolesMode toMode(String name)
+        {
+            AllRolesMode mode;
+            if( name.equalsIgnoreCase(STRICT_MODE.name) )
+                mode = STRICT_MODE;
+            else if( name.equalsIgnoreCase(AUTH_ONLY_MODE.name) )
+                mode = AUTH_ONLY_MODE;
+            else if( name.equalsIgnoreCase(STRICT_AUTH_ONLY_MODE.name) )
+                mode = STRICT_AUTH_ONLY_MODE;
+            else
+                throw new IllegalStateException("Unknown mode, must be one of: strict, authOnly, strictAuthOnly");
+            return mode;
+        }
+        
+        private AllRolesMode(String name)
+        {
+            this.name = name;
+        }
+        
+        public boolean equals(Object o)
+        {
+            boolean equals = false;
+            if( o instanceof AllRolesMode )
+            {
+                AllRolesMode mode = (AllRolesMode) o;
+                equals = name.equals(mode.name);
+            }
+            return equals;
+        }
+        public int hashCode()
+        {
+            return name.hashCode();
+        }
+        public String toString()
+        {
+            return name;
+        }
     }
 
 }
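Review bot: `toMode` dereferences `name` without a null check, so `setAllRolesMode(null)` fails with a bare `NullPointerException` rather than the descriptive error raised for other bad values. Add `if (name == null) throw new IllegalStateException("Unknown mode, must be one of: strict, authOnly, strictAuthOnly");` at the top, or fall back to `STRICT_MODE`, the restrictive default. The `name` field is assigned only in the private constructor and can be declared `private final String name;`, which makes the three shared constants immutable. The class and `toMode` have no Javadoc; a one-line class comment saying this is a type-safe enumeration of how `role-name="*"` is interpreted, and a `toMode` comment noting the case-insensitive match and the exception, would cover it.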


