Posted to scm@geronimo.apache.org by ad...@apache.org on 2006/08/16 06:55:51 UTC
svn commit: r431819 - in
/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src:
main/java/javax/security/jacc/ test/java/javax/security/jacc/
Author: adc
Date: Tue Aug 15 21:55:51 2006
New Revision: 431819
URL: http://svn.apache.org/viewvc?rev=431819&view=rev
Log:
GERONIMO-2327 Need to encode colons for JACC web permissions
Added:
geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java (with props)
Modified:
geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java
Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java (original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java Tue Aug 15 21:55:51 2006
@@ -25,9 +25,10 @@
import java.util.Iterator;
import java.util.LinkedList;
+import javax.servlet.http.HttpServletRequest;
+
/**
- *
* @version $Rev$ $Date$
*/
final class URLPatternSpec {
@@ -46,7 +47,7 @@
first = new URLPattern(tokens[0]);
URLPattern candidate;
- for (int i=1; i<tokens.length; i++) {
+ for (int i = 1; i < tokens.length; i++) {
candidate = new URLPattern(tokens[i]);
// No pattern may exist in the URLPatternList that matches the first pattern.
@@ -54,18 +55,16 @@
throw new java.lang.IllegalArgumentException("Qualifier patterns in the URLPatternSpec cannot match the first URLPattern");
}
- if (first.type == URLPattern.PATH_PREFIX ) {
+ if (first.type == URLPattern.PATH_PREFIX) {
// If the first pattern is a path-prefix pattern, only exact patterns
// matched by the first pattern and path-prefix patterns matched by,
// but different from, the first pattern may occur in the URLPatternList.
- if (candidate.type == URLPattern.EXACT && !first.matches(candidate))
- {
+ if (candidate.type == URLPattern.EXACT && !first.matches(candidate)) {
throw new java.lang.IllegalArgumentException("Exact qualifier patterns in the URLPatternSpec must be matched by the first URLPattern");
- }
- else if (candidate.type == URLPattern.PATH_PREFIX
- && !(first.matches(candidate) && first.pattern.length() < candidate.pattern.length()))
+ } else if (candidate.type == URLPattern.PATH_PREFIX
+ && !(first.matches(candidate) && first.pattern.length() < candidate.pattern.length()))
{
throw new java.lang.IllegalArgumentException("path-prefix qualifier patterns in the URLPatternSpec must be matched by, but different from, the first URLPattern");
} else if (candidate.type == URLPattern.EXTENSION) {
@@ -125,7 +124,7 @@
// of this permission.
Iterator iter1 = qualifiers.iterator();
while (iter1.hasNext()) {
- if (((URLPattern)iter1.next()).matches(p.first)) return false;
+ if (((URLPattern) iter1.next()).matches(p.first)) return false;
}
// If the first URLPattern in the name of the argument permission
@@ -138,11 +137,11 @@
while (iter2.hasNext()) {
Iterator iter3 = qualifiers.iterator();
- URLPattern test = (URLPattern)iter2.next();
+ URLPattern test = (URLPattern) iter2.next();
boolean found = false;
while (iter3.hasNext()) {
- if (test.matches((URLPattern)iter3.next())) {
+ if (test.matches((URLPattern) iter3.next())) {
found = true;
break;
}
@@ -154,11 +153,21 @@
return true;
}
+ static String encodeColons(HttpServletRequest request) {
+ String result = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
+
+ if (result.indexOf("%3A") > -1) result = result.replaceAll("%3A", "%3A%3A");
+ if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+ return result;
+ }
+
private class URLPattern {
- public final static int EXACT = 0x0;
+
+ public final static int EXACT = 0x0;
public final static int PATH_PREFIX = 0x1;
- public final static int EXTENSION = 0x2;
- public final static int DEFAULT = 0x4;
+ public final static int EXTENSION = 0x2;
+ public final static int DEFAULT = 0x4;
public int type;
public String pattern;
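Review bot: The two-step escaping in `encodeColons` is not one-to-one: a path containing `::` and a path containing a literal `%3A` both come out as `%3A%3A`, so two different request paths can produce the same pattern and receive the same access decision. If the doubling is meant to keep a literal `%3A` distinct from an encoded colon, escaping the escape character first would do that, e.g. `result = result.replaceAll("%", "%25").replaceAll(":", "%3A");`, provided the code that writes url-patterns into the policy applies the same encoding (not visible here). The method also has no Javadoc; a short comment stating the scheme, and that `getServletPath()`/`getPathInfo()` are expected to be already URL-decoded, would help the next reader. The `URLPattern` class that follows continues past the end of this hunk.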
@@ -167,7 +176,7 @@
if (pat == null) throw new java.lang.IllegalArgumentException("URLPattern cannot be null");
if (pat.length() == 0) throw new java.lang.IllegalArgumentException("URLPattern cannot be empty");
- if (pat.equals("/") || pat.equals("/*") ) {
+ if (pat.equals("/") || pat.equals("/*")) {
type = DEFAULT;
} else if (pat.charAt(0) == '/' && pat.endsWith("/*")) {
type = PATH_PREFIX;
@@ -194,10 +203,10 @@
// 2 characters, and the next character of the argument pattern,
// if there is one, is "/"
case PATH_PREFIX: {
- int length = pattern.length()-2;
+ int length = pattern.length() - 2;
if (length > test.length()) return false;
- for (int i=0; i<length; i++) {
+ for (int i = 0; i < length; i++) {
if (pattern.charAt(i) != test.charAt(i)) return false;
}
Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java (original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java Tue Aug 15 21:55:51 2006
@@ -44,7 +44,7 @@
public WebResourcePermission(HttpServletRequest request) {
super(request.getServletPath());
- urlPatternSpec = new URLPatternSpec(request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo()));
+ urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
}
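Review bot: `super(request.getServletPath())` is left unchanged, so the permission's name is still the raw servlet path (no path info, colons not encoded) while `urlPatternSpec` is now built from the encoded servlet path plus path info. If `getName()`, `equals()` or serialization rely on the name (not visible in this hunk), a permission built from a request can disagree with one built from the equivalent string; `super(URLPatternSpec.encodeColons(request));` would keep both in step. The same applies to the `WebUserDataPermission(HttpServletRequest)` constructor in the next file.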
Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java (original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java Tue Aug 15 21:55:51 2006
@@ -66,7 +66,7 @@
public WebUserDataPermission(HttpServletRequest request) {
super(request.getServletPath());
- urlPatternSpec = new URLPatternSpec(request.getServletPath());
+ urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
httpMethodSpec = new HTTPMethodSpec(request.getMethod(), request.isSecure()? HTTPMethodSpec.CONFIDENTIAL: HTTPMethodSpec.NONE);
}
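Review bot: Besides encoding colons, this line changes what is matched: the old code built the spec from `getServletPath()` alone, while `encodeColons` appends `getPathInfo()`, so user-data constraints are now checked against the full path. That looks like a deliberate alignment with `WebResourcePermission`, but it is not mentioned in the log and it alters which transport-guarantee constraints apply to a request. A comment such as `// match on servletPath + pathInfo, as WebResourcePermission does` and a test for a request with path info would record the intent.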
Added: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java?rev=431819&view=auto
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java (added)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java Tue Aug 15 21:55:51 2006
@@ -0,0 +1,262 @@
+/**
+ *
+ * Copyright 2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.security.jacc;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class MockHttpServletRequest implements HttpServletRequest {
+
+ private final String servletPath;
+ private final String pathInfo;
+
+ public MockHttpServletRequest(String servletPath, String pathInfo) {
+ this.servletPath = servletPath;
+ this.pathInfo = pathInfo;
+ }
+
+ public String getAuthType() {
+ return null;
+ }
+
+ public Cookie[] getCookies() {
+ return new Cookie[0];
+ }
+
+ public long getDateHeader(String transOID) {
+ return 0;
+ }
+
+ public String getHeader(String transOID) {
+ return null;
+ }
+
+ public Enumeration getHeaders(String transOID) {
+ return null;
+ }
+
+ public Enumeration getHeaderNames() {
+ return null;
+ }
+
+ public int getIntHeader(String transOID) {
+ return 0;
+ }
+
+ public String getMethod() {
+ return null;
+ }
+
+ public String getPathInfo() {
+ return pathInfo;
+ }
+
+ public String getPathTranslated() {
+ return null;
+ }
+
+ public String getContextPath() {
+ return null;
+ }
+
+ public String getQueryString() {
+ return null;
+ }
+
+ public String getRemoteUser() {
+ return null;
+ }
+
+ public boolean isUserInRole(String transOID) {
+ return false;
+ }
+
+ public Principal getUserPrincipal() {
+ return null;
+ }
+
+ public String getRequestedSessionId() {
+ return null;
+ }
+
+ public String getRequestURI() {
+ return null;
+ }
+
+ public StringBuffer getRequestURL() {
+ return null;
+ }
+
+ public String getServletPath() {
+ return servletPath;
+ }
+
+ public HttpSession getSession(boolean b) {
+ return null;
+ }
+
+ public HttpSession getSession() {
+ return null;
+ }
+
+ public boolean isRequestedSessionIdValid() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromCookie() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromURL() {
+ return false;
+ }
+
+ public boolean isRequestedSessionIdFromUrl() {
+ return false;
+ }
+
+ public Object getAttribute(String transOID) {
+ return null;
+ }
+
+ public Enumeration getAttributeNames() {
+ return null;
+ }
+
+ public String getCharacterEncoding() {
+ return null;
+ }
+
+ public void setCharacterEncoding(String transOID) throws UnsupportedEncodingException {
+
+ }
+
+ public int getContentLength() {
+ return 0;
+ }
+
+ public String getContentType() {
+ return null;
+ }
+
+ public ServletInputStream getInputStream() throws IOException {
+ return null;
+ }
+
+ public String getParameter(String transOID) {
+ return null;
+ }
+
+ public Enumeration getParameterNames() {
+ return null;
+ }
+
+ public String[] getParameterValues(String transOID) {
+ return new String[0];
+ }
+
+ public Map getParameterMap() {
+ return null;
+ }
+
+ public String getProtocol() {
+ return null;
+ }
+
+ public String getScheme() {
+ return null;
+ }
+
+ public String getServerName() {
+ return null;
+ }
+
+ public int getServerPort() {
+ return 0;
+ }
+
+ public BufferedReader getReader() throws IOException {
+ return null;
+ }
+
+ public String getRemoteAddr() {
+ return null;
+ }
+
+ public String getRemoteHost() {
+ return null;
+ }
+
+ public void setAttribute(String transOID, Object object) {
+
+ }
+
+ public void removeAttribute(String transOID) {
+
+ }
+
+ public Locale getLocale() {
+ return null;
+ }
+
+ public Enumeration getLocales() {
+ return null;
+ }
+
+ public boolean isSecure() {
+ return false;
+ }
+
+ public RequestDispatcher getRequestDispatcher(String transOID) {
+ return null;
+ }
+
+ public String getRealPath(String transOID) {
+ return null;
+ }
+
+ public int getRemotePort() {
+ return 0;
+ }
+
+ public String getLocalName() {
+ return null;
+ }
+
+ public String getLocalAddr() {
+ return null;
+ }
+
+ public int getLocalPort() {
+ return 0;
+ }
+}
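Review bot: `getMethod()` returns null here, and both request-based constructors changed in this commit pass `request.getMethod()` to `HTTPMethodSpec`, so this mock probably cannot be used to exercise them (how `HTTPMethodSpec` treats null is not visible). Accepting the method in the constructor, e.g. `MockHttpServletRequest(String servletPath, String pathInfo, String method)`, would let the tests cover the code paths this commit changes. The `transOID` parameter name repeated on every String-taking stub looks like a generator leftover and could simply be `name`.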
Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
svn:keywords = Date Revision Id Author
Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java (original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java Tue Aug 15 21:55:51 2006
@@ -23,16 +23,16 @@
package javax.security.jacc;
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectOutputStream;
import java.io.ByteArrayInputStream;
-import java.io.ObjectInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
import junit.framework.TestCase;
+
/**
- *
* @version $Rev$ $Date$
*/
public class WebUserDataPermissionTest extends TestCase {
@@ -42,11 +42,14 @@
*/
public void testConstructorStringString() {
+ MockHttpServletRequest request = new MockHttpServletRequest("/portal", "/services/services_jdbc/_rp_services_jdbc_row1_col1_p1_adapterDisplayName/1_TranQL0x8Generic0x8JDBC0x8Resource0x8Adapter/_rp_services_jdbc_row1_col1_p1_rarPath/1_tranql0x3tranql-connector0x310x220x3rar/_rp_services_jdbc_row1_col1_p1_mode/1_params/_rp_services_jdbc_row1_col1_p1_driverClass/1_org0x2hsqldb0x2jdbcDriver/_pm_services_jdbc_row1_col1_p1/view/_rp_services_jdbc_row1_col1_p1_dbtype/1_HSQLDB0x8embedded/_rp_services_jdbc_row1_col1_p1_urlPrototype/1_jdbc:hsqldb:{Database}/_st_services_jdbc_row1_col1_p1/normal/_ps_services_jdbc_row1_col1_p1/normal/_pid/services_jdbc_row1_col1_p1/_md_services_jdbc_row1_col1_p1/view/_rp_services_jdbc_row1_col1_p1_name/1_FFFFF");
+ new WebUserDataPermission(URLPatternSpec.encodeColons(request), "GET:NONE");
+
WebUserDataPermission permission = new WebUserDataPermission("/foo", "GET,POST:INTEGRAL");
assertEquals(permission.getName(), "/foo");
assertEquals(permission.getActions(), "GET,POST:INTEGRAL");
-
+
permission = new WebUserDataPermission("/foo", "GET,POST,POST,GET:INTEGRAL");
assertEquals(permission.getActions(), "GET,POST:INTEGRAL");
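Review bot: The new lines at the top of `testConstructorStringString` only check that construction does not throw; nothing asserts the encoded value, and the request-based constructor that the commit changes is not exercised (the string constructor is called instead). Pinning the output would catch regressions in the authorization path, e.g. `assertEquals("/a%3Ab", URLPatternSpec.encodeColons(new MockHttpServletRequest("/a:b", null)));` and `assertEquals("/a%3A%3Ab", URLPatternSpec.encodeColons(new MockHttpServletRequest("/a%3Ab", null)));`. The method body continues past this hunk.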
@@ -54,14 +57,14 @@
try {
permission = new WebUserDataPermission("/foo", "GET,POST,BAR:INTEGRAL");
fail("Bad HTTP method");
- } catch(IllegalArgumentException iae) {
+ } catch (IllegalArgumentException iae) {
}
// If you have a colon, then you must have a transportType
try {
permission = new WebUserDataPermission("/foo", "GET,POST,BAR:");
fail("Missing transportType");
- } catch(IllegalArgumentException iae) {
+ } catch (IllegalArgumentException iae) {
}
}
@@ -89,7 +92,7 @@
WebUserDataPermission permissionFooGP = new WebUserDataPermission("/foo", "GET,POST:INTEGRAL");
WebUserDataPermission permissionFooE = new WebUserDataPermission("/foo", "");
WebUserDataPermission permissionFooGPN = new WebUserDataPermission("/foo", "GET,POST");
-
+
assertTrue(permissionFooE.implies(permissionFooGP));
assertTrue(permissionFooE.implies(permissionFooGPN));
assertFalse(permissionFooGP.implies(permissionFooE));
@@ -104,7 +107,7 @@
*/
public void testConstructorStringStringArray() {
}
-
+
public void testImpliesStringStringArray() {
}
@@ -113,7 +116,7 @@
*/
public void testConstructorHttpServletRequest() {
}
-
+
public void testImpliesHttpServletRequest() {
}
}