You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by ge...@apache.org on 2010/10/20 13:55:32 UTC
svn commit: r1025519 -
/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Author: genspring
Date: Wed Oct 20 11:55:31 2010
New Revision: 1025519
URL: http://svn.apache.org/viewvc?rev=1025519&view=rev
Log:
Somehow, once currentRolePatterns = new HashMap<String, URLPattern>(); is executed.currentPatterns will point to the same reference of currentRolePatterns.
Pull (currentPatterns ==null) out of the loop to avoid the unexpected logic caused by the problem above.
Modified:
geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Modified: geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1025519&r1=1025518&r2=1025519&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java (original)
+++ geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java Wed Oct 20 11:55:31 2010
@@ -108,10 +108,13 @@ public class SpecSecurityBuilder {
currentPatterns = uncheckedPatterns;
}
String transport = securityConstraint.userDataConstraint == null ? "NONE" : securityConstraint.userDataConstraint;
+
+ boolean isRolebasedPatten = (currentPatterns == null);
+
for (WebResourceCollectionInfo webResourceCollection : securityConstraint.webResourceCollections) {
//Calculate HTTP methods list
for (String urlPattern : webResourceCollection.urlPatterns) {
- if (currentPatterns == null) {
+ if (isRolebasedPatten) {
for (String roleName : roleNames) {
Map<String, URLPattern> currentRolePatterns = rolesPatterns.get(roleName);
if (currentRolePatterns == null) {
Re: svn commit: r1025519 - /geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Posted by Shawn Jiang <ge...@gmail.com>.
Right,I also can't find any code logic error. it's a strange run-time
behavior.
The snippet under "(currentPatterns ==null) " only get executed once because
(currentPatterns ==null) =false after that. In Eclipse debug session, I
could see currentPatterns's object id the same as that of the first
currentRolePatterns object.
On Wed, Oct 20, 2010 at 8:04 PM, Ivan <xh...@gmail.com> wrote:
> Hmm, I do not see this scenario exists, currentPattern is never used while
> calculating the role based security.
> Do we get any cases failed ?
>
> 2010/10/20 <ge...@apache.org>
>
> Author: genspring
>> Date: Wed Oct 20 11:55:31 2010
>> New Revision: 1025519
>>
>> URL: http://svn.apache.org/viewvc?rev=1025519&view=rev
>> Log:
>> Somehow, once currentRolePatterns = new HashMap<String, URLPattern>(); is
>> executed.currentPatterns will point to the same reference of
>> currentRolePatterns.
>>
>> Pull (currentPatterns ==null) out of the loop to avoid the unexpected
>> logic caused by the problem above.
>>
>> Modified:
>>
>> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
>>
>> Modified:
>> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
>> URL:
>> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1025519&r1=1025518&r2=1025519&view=diff
>>
>> ==============================================================================
>> ---
>> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
>> (original)
>> +++
>> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
>> Wed Oct 20 11:55:31 2010
>> @@ -108,10 +108,13 @@ public class SpecSecurityBuilder {
>> currentPatterns = uncheckedPatterns;
>> }
>> String transport = securityConstraint.userDataConstraint ==
>> null ? "NONE" : securityConstraint.userDataConstraint;
>> +
>> + boolean isRolebasedPatten = (currentPatterns == null);
>> +
>> for (WebResourceCollectionInfo webResourceCollection :
>> securityConstraint.webResourceCollections) {
>> //Calculate HTTP methods list
>> for (String urlPattern :
>> webResourceCollection.urlPatterns) {
>> - if (currentPatterns == null) {
>> + if (isRolebasedPatten) {
>> for (String roleName : roleNames) {
>> Map<String, URLPattern> currentRolePatterns =
>> rolesPatterns.get(roleName);
>> if (currentRolePatterns == null) {
>>
>>
>>
>
>
> --
> Ivan
>
--
Shawn
Re: svn commit: r1025519 - /geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
Posted by Ivan <xh...@gmail.com>.
Hmm, I do not see this scenario exists, currentPattern is never used while
calculating the role based security.
Do we get any cases failed ?
2010/10/20 <ge...@apache.org>
> Author: genspring
> Date: Wed Oct 20 11:55:31 2010
> New Revision: 1025519
>
> URL: http://svn.apache.org/viewvc?rev=1025519&view=rev
> Log:
> Somehow, once currentRolePatterns = new HashMap<String, URLPattern>(); is
> executed.currentPatterns will point to the same reference of
> currentRolePatterns.
>
> Pull (currentPatterns ==null) out of the loop to avoid the unexpected logic
> caused by the problem above.
>
> Modified:
>
> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
>
> Modified:
> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
> URL:
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java?rev=1025519&r1=1025518&r2=1025519&view=diff
>
> ==============================================================================
> ---
> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
> (original)
> +++
> geronimo/server/trunk/plugins/j2ee/geronimo-web/src/main/java/org/apache/geronimo/web/security/SpecSecurityBuilder.java
> Wed Oct 20 11:55:31 2010
> @@ -108,10 +108,13 @@ public class SpecSecurityBuilder {
> currentPatterns = uncheckedPatterns;
> }
> String transport = securityConstraint.userDataConstraint ==
> null ? "NONE" : securityConstraint.userDataConstraint;
> +
> + boolean isRolebasedPatten = (currentPatterns == null);
> +
> for (WebResourceCollectionInfo webResourceCollection :
> securityConstraint.webResourceCollections) {
> //Calculate HTTP methods list
> for (String urlPattern : webResourceCollection.urlPatterns)
> {
> - if (currentPatterns == null) {
> + if (isRolebasedPatten) {
> for (String roleName : roleNames) {
> Map<String, URLPattern> currentRolePatterns =
> rolesPatterns.get(roleName);
> if (currentRolePatterns == null) {
>
>
>
--
Ivan