Posted to scm@geronimo.apache.org by dj...@apache.org on 2009/08/16 00:11:08 UTC
svn commit: r804534 - in /geronimo/server/trunk/plugins:
jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
Author: djencks
Date: Sat Aug 15 22:11:08 2009
New Revision: 804534
URL: http://svn.apache.org/viewvc?rev=804534&view=rev
Log:
GERONIMO-4645 fix WebUserDataPermission ':' escaping
Modified:
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?rev=804534&r1=804533&r2=804534&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java Sat Aug 15 22:11:08 2009
@@ -137,14 +137,7 @@
}
try {
- String transportType;
- if (request.isSecure()) {
- transportType = "CONFIDENTIAL";
- } else if (request.getConnection().isIntegral(request)) {
- transportType = "INTEGRAL";
- } else {
- transportType = "NONE";
- }
+ boolean notIntegral = request.isSecure() || !request.getConnection().isIntegral(request);
Authenticator authenticator = getAuthenticator();
boolean isAuthenticated = false;
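Review bot: The name `notIntegral` on the added line reads as "the connection lacks integrity", but the expression is also true for a secure (CONFIDENTIAL) request, so the flag really means "the transport type is anything other than INTEGRAL". Because this boolean selects which permission is checked further down, a misreading here could easily lead to a wrong edit later. I would either rename it or add a comment above it such as `// true for CONFIDENTIAL and NONE; false only when the connection is integral but not secure (INTEGRAL)`. The same line is added to checkUserDataPermissions in JaccSecurityHandler. The enclosing method starts and ends outside this hunk.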
@@ -180,7 +173,12 @@
/**
* JACC v1.0 section 4.1.1
*/
- WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()}, transportType);
+ WebUserDataPermission wudp;
+ if (notIntegral) {
+ wudp = new WebUserDataPermission(request);
+ } else {
+ wudp = new WebUserDataPermission(encodeColons(request), new String[]{request.getMethod()}, "INTEGRAL");
+ }
acc.checkPermission(wudp);
WebResourcePermission webResourcePermission = new WebResourcePermission(request);
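Review bot: The permission name checked at the new `wudp` assignment no longer comes from `pathInContext`: one branch lets `WebUserDataPermission(request)` derive it, while the INTEGRAL branch rebuilds it from `getServletPath()` and `getPathInfo()`. This name decides which transport-guarantee constraint is matched, so any difference between the two derivations, or between them and the path the container dispatches on, would be an authorization gap. Whether servletPath and pathInfo are already populated when this handler runs is not visible from the hunk and should be confirmed. I would document the split with a comment like `// WebUserDataPermission(request) presumably derives only CONFIDENTIAL/NONE from isSecure(), so INTEGRAL is built by hand with the same ':' escaping` and add a test that checks a colon-containing path under all three transport types. The same applies to checkUserDataPermissions in JaccSecurityHandler, where the `pathInContext` parameter is left unused in the visible lines.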
@@ -218,6 +216,15 @@
return true;
}
+ private static String encodeColons(HttpServletRequest request) {
+ String result = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
+
+ if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+ return result;
+ }
+
+
/**
* Generate the default principal from the security config.
*
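Review bot: `encodeColons` uses `replaceAll`, which treats its first argument as a regular expression, behind an `indexOf` guard that adds nothing. The literal form is clearer and avoids any regex surprise if the escaped character ever changes: `return path.replace(":", "%3A");`. The helper is also added verbatim to JaccSecurityHandler in the same commit. Since it feeds an access-control decision, a single shared static helper would keep the two handlers from drifting apart. It should carry a short Javadoc saying that it returns servletPath plus pathInfo with every ':' escaped as `%3A` for use as a WebUserDataPermission name, and that no other characters are encoded.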
Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java?rev=804534&r1=804533&r2=804534&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java (original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java Sat Aug 15 22:11:08 2009
@@ -99,20 +99,18 @@
}
protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException {
- try {
- String transportType;
- if (request.isSecure()) {
- transportType = "CONFIDENTIAL";
- } else if (request.getConnection().isIntegral(request)) {
- transportType = "INTEGRAL";
- } else {
- transportType = "NONE";
- }
+ boolean notIntegral = request.isSecure() || !request.getConnection().isIntegral(request);
+ try {
/**
* JACC v1.0 section 4.1.1
*/
- WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()}, transportType);
+ WebUserDataPermission wudp;
+ if (notIntegral) {
+ wudp = new WebUserDataPermission(request);
+ } else {
+ wudp = new WebUserDataPermission(encodeColons(request), new String[]{request.getMethod()}, "INTEGRAL");
+ }
defaultAcc.checkPermission(wudp);
return true;
} catch (AccessControlException e) {
@@ -121,6 +119,14 @@
}
}
+ private static String encodeColons(HttpServletRequest request) {
+ String result = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
+
+ if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+ return result;
+ }
+
protected boolean isAuthMandatory(Request base_request, Response base_response, Object constraintInfo) {
return !checkWebResourcePermission(base_request, defaultAcc);
}