You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/12/30 22:59:31 UTC
svn commit: r607596 - in /tomcat/trunk: java/org/apache/catalina/ha/session/
test/org/apache/catalina/ha/ test/org/apache/catalina/ha/session/
Author: markt
Date: Sun Dec 30 13:59:31 2007
New Revision: 607596
URL: http://svn.apache.org/viewvc?rev=607596&view=rev
Log:
Implement a fix for bug 43840 along with a rudimentary test case.
Added:
tomcat/trunk/test/org/apache/catalina/ha/
tomcat/trunk/test/org/apache/catalina/ha/session/
tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java (with props)
tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/ha/session/SerializablePrincipal.java
Modified: tomcat/trunk/java/org/apache/catalina/ha/session/SerializablePrincipal.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/SerializablePrincipal.java?rev=607596&r1=607595&r2=607596&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/SerializablePrincipal.java (original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/SerializablePrincipal.java Sun Dec 30 13:59:31 2007
@@ -19,31 +19,37 @@
package org.apache.catalina.ha.session;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.io.Serializable;
+
+import java.security.Principal;
+
import java.util.Arrays;
import java.util.List;
+
import org.apache.catalina.Realm;
+import org.apache.catalina.realm.GenericPrincipal;
/**
* Generic implementation of <strong>java.security.Principal</strong> that
* is available for use by <code>Realm</code> implementations.
- * The GenericPrincipal does NOT implement serializable and I didn't want to change that implementation
- * hence I implemented this one instead.
+ * The GenericPrincipal does NOT implement serializable and I didn't want to
+ * change that implementation hence I implemented this one instead.
* @author Filip Hanik
* @version $Revision$ $Date$
*/
-import org.apache.catalina.realm.GenericPrincipal;
-import java.io.ObjectInput;
-import java.io.ObjectOutput;
public class SerializablePrincipal implements java.io.Serializable {
// ----------------------------------------------------------- Constructors
- public SerializablePrincipal()
- {
+ public SerializablePrincipal() {
super();
}
+
+
/**
* Construct a new Principal, associated with the specified Realm, for the
* specified username and password.
@@ -70,7 +76,24 @@
* @param roles List of roles (must be Strings) possessed by this user
*/
public SerializablePrincipal(Realm realm, String name, String password,
- List roles) {
+ List<String> roles) {
+ this(realm, name, password, roles, null);
+ }
+
+
+ /**
+ * Construct a new Principal, associated with the specified Realm, for the
+ * specified username and password, with the specified role names
+ * (as Strings).
+ *
+ * @param realm The Realm that owns this principal
+ * @param name The username of the user represented by this Principal
+ * @param password Credentials used to authenticate this user
+ * @param roles List of roles (must be Strings) possessed by this user
+ * @param userPrincipal The user principal to be exposed to applications
+ */
+ public SerializablePrincipal(Realm realm, String name, String password,
+ List<String> roles, Principal userPrincipal) {
super();
this.realm = realm;
@@ -78,10 +101,11 @@
this.password = password;
if (roles != null) {
this.roles = new String[roles.size()];
- this.roles = (String[]) roles.toArray(this.roles);
+ this.roles = roles.toArray(this.roles);
if (this.roles.length > 0)
Arrays.sort(this.roles);
}
+ this.userPrincipal = userPrincipal;
}
@@ -136,6 +160,11 @@
}
+ /**
+ * The user principal, if present.
+ */
+ protected Principal userPrincipal = null;
+
// --------------------------------------------------------- Public Methods
@@ -160,12 +189,15 @@
return new SerializablePrincipal(principal.getRealm(),
principal.getName(),
principal.getPassword(),
- principal.getRoles()!=null?Arrays.asList(principal.getRoles()):null);
+ principal.getRoles()!=null?Arrays.asList(principal.getRoles()):null,
+ principal.getUserPrincipal()!=principal?principal.getUserPrincipal():null);
}
public GenericPrincipal getPrincipal( Realm realm )
{
- return new GenericPrincipal(realm,name,password,getRoles()!=null?Arrays.asList(getRoles()):null);
+ return new GenericPrincipal(realm, name, password,
+ getRoles()!=null?Arrays.asList(getRoles()):null,
+ userPrincipal);
}
public static GenericPrincipal readPrincipal(ObjectInput in, Realm realm) throws java.io.IOException{
@@ -176,7 +208,18 @@
int size = in.readInt();
String[] roles = new String[size];
for ( int i=0; i<size; i++ ) roles[i] = in.readUTF();
- return new GenericPrincipal(realm,name,pwd,Arrays.asList(roles));
+ Principal innerPrincipal = null;
+ boolean hasInnerPrincipal = in.readBoolean();
+ if (hasInnerPrincipal) {
+ try {
+ innerPrincipal = (Principal) in.readObject();
+ } catch (ClassNotFoundException e) {
+ // Failed to read inner Principal
+ e.printStackTrace();
+ }
+ }
+ return new GenericPrincipal(realm,name,pwd,Arrays.asList(roles),
+ innerPrincipal);
}
public static void writePrincipal(GenericPrincipal p, ObjectOutput out) throws java.io.IOException {
@@ -187,6 +230,10 @@
if ( roles == null ) roles = new String[0];
out.writeInt(roles.length);
for ( int i=0; i<roles.length; i++ ) out.writeUTF(roles[i]);
+ boolean hasInnerPrincipal = (p != p.getUserPrincipal() &&
+ p.getUserPrincipal() instanceof Serializable);
+ out.writeBoolean(hasInnerPrincipal);
+ if (hasInnerPrincipal) out.writeObject(p.getUserPrincipal());
}
Added: tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java?rev=607596&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java (added)
+++ tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java Sun Dec 30 13:59:31 2007
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.ha.session;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+public class TestPrincipal implements Principal, Serializable {
+
+ private String name;
+
+ public TestPrincipal(String theName) {
+ name = theName;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+}
\ No newline at end of file
Propchange: tomcat/trunk/test/org/apache/catalina/ha/session/TestPrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java?rev=607596&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java (added)
+++ tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java Sun Dec 30 13:59:31 2007
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.ha.session;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.catalina.realm.GenericPrincipal;
+
+import junit.framework.TestCase;
+
+public class TestSerializablePrincipal extends TestCase {
+
+ /**
+ * Simple serialization / de-serialization test for bug 43840.
+ */
+ public void testWriteReadPrincipal() {
+ // Get a temporary file to use for the serialization test
+ File file = null;
+ try {
+ file = File.createTempFile("ser", null);
+ file.deleteOnExit();
+ } catch (IOException e) {
+ e.printStackTrace();
+ fail("ioe creating temporary file");
+ }
+
+ // Create the Principal to serialize
+ List<String> roles = new ArrayList<String>();
+ roles.add("RoleA");
+ roles.add("RoleB");
+ TestPrincipal tpOriginal = new TestPrincipal("inner");
+ GenericPrincipal gpOriginal =
+ new GenericPrincipal(null, "usr", "pwd", roles, tpOriginal);
+
+ // Do the serialization
+ try {
+ FileOutputStream fos = new FileOutputStream(file);
+ ObjectOutputStream oos = new ObjectOutputStream(fos);
+ SerializablePrincipal.writePrincipal(gpOriginal, oos);
+ oos.close();
+ fos.close();
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ fail("fnfe creating object output stream");
+ } catch (IOException e) {
+ e.printStackTrace();
+ fail("ioe serializing principal");
+ }
+
+ // De-serialize the Principal
+ GenericPrincipal gpNew = null;
+ try {
+ FileInputStream fis = new FileInputStream(file);
+ ObjectInputStream ois = new ObjectInputStream(fis);
+ gpNew = SerializablePrincipal.readPrincipal(ois, null);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ fail("fnfe reading object output stream");
+ } catch (IOException e) {
+ e.printStackTrace();
+ fail("ioe de-serializing principal");
+ }
+
+ // Now test how similar original and de-serialized versions are
+ assertEquals("User names different", gpOriginal.getName(),
+ gpNew.getName());
+ assertEquals("Passwords different", gpOriginal.getPassword(),
+ gpNew.getPassword());
+ assertEquals("Number of roles different", gpOriginal.getRoles().length,
+ gpNew.getRoles().length);
+ for (int i = 0; i < gpOriginal.getRoles().length; i++) {
+ assertEquals("Role name index " + i + "different",
+ gpOriginal.getRoles()[i], gpNew.getRoles()[i]);
+ }
+ // These are the key tests for bug 43840
+ assertNotSame("Inner principal not present", gpNew,
+ gpNew.getUserPrincipal());
+ assertEquals("Inner user names are different", tpOriginal.getName(),
+ gpNew.getUserPrincipal().getName());
+ }
+
+}
Propchange: tomcat/trunk/test/org/apache/catalina/ha/session/TestSerializablePrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org