geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject svn commit: r431819 - in /geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src: main/java/javax/security/jacc/ test/java/javax/security/jacc/
Date Wed, 16 Aug 2006 04:55:51 GMT
Author: adc
Date: Tue Aug 15 21:55:51 2006
New Revision: 431819

URL: http://svn.apache.org/viewvc?rev=431819&view=rev
Log:
GERONIMO-2327 Need to encode colons for JACC web permissions

Added:
    geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
  (with props)
Modified:
    geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
    geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
    geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
    geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java

Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
(original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/URLPatternSpec.java
Tue Aug 15 21:55:51 2006
@@ -25,9 +25,10 @@
 
 import java.util.Iterator;
 import java.util.LinkedList;
+import javax.servlet.http.HttpServletRequest;
+
 
 /**
- *
  * @version $Rev$ $Date$
  */
 final class URLPatternSpec {
@@ -46,7 +47,7 @@
         first = new URLPattern(tokens[0]);
 
         URLPattern candidate;
-        for (int i=1; i<tokens.length; i++) {
+        for (int i = 1; i < tokens.length; i++) {
             candidate = new URLPattern(tokens[i]);
 
             // No pattern may exist in the URLPatternList that matches the first pattern.
@@ -54,18 +55,16 @@
                 throw new java.lang.IllegalArgumentException("Qualifier patterns in the URLPatternSpec
cannot match the first URLPattern");
             }
 
-            if (first.type == URLPattern.PATH_PREFIX ) {
+            if (first.type == URLPattern.PATH_PREFIX) {
 
                 // If the first pattern is a path-prefix pattern, only exact patterns
                 // matched by the first pattern and path-prefix patterns matched by,
                 // but different from, the first pattern may occur in the URLPatternList.
 
-                if (candidate.type == URLPattern.EXACT && !first.matches(candidate))
-                {
+                if (candidate.type == URLPattern.EXACT && !first.matches(candidate))
{
                     throw new java.lang.IllegalArgumentException("Exact qualifier patterns
in the URLPatternSpec must be matched by the first URLPattern");
-                }
-                else if (candidate.type == URLPattern.PATH_PREFIX
-                         && !(first.matches(candidate) && first.pattern.length()
< candidate.pattern.length()))
+                } else if (candidate.type == URLPattern.PATH_PREFIX
+                           && !(first.matches(candidate) && first.pattern.length()
< candidate.pattern.length()))
                 {
                     throw new java.lang.IllegalArgumentException("path-prefix qualifier patterns
in the URLPatternSpec must be matched by, but different from, the first URLPattern");
                 } else if (candidate.type == URLPattern.EXTENSION) {
@@ -125,7 +124,7 @@
         // of this permission.
         Iterator iter1 = qualifiers.iterator();
         while (iter1.hasNext()) {
-            if (((URLPattern)iter1.next()).matches(p.first)) return false;
+            if (((URLPattern) iter1.next()).matches(p.first)) return false;
         }
 
         // If the first URLPattern in the name of the argument permission
@@ -138,11 +137,11 @@
 
             while (iter2.hasNext()) {
                 Iterator iter3 = qualifiers.iterator();
-                URLPattern test = (URLPattern)iter2.next();
+                URLPattern test = (URLPattern) iter2.next();
                 boolean found = false;
 
                 while (iter3.hasNext()) {
-                    if (test.matches((URLPattern)iter3.next())) {
+                    if (test.matches((URLPattern) iter3.next())) {
                         found = true;
                         break;
                     }
@@ -154,11 +153,21 @@
         return true;
     }
 
+    static String encodeColons(HttpServletRequest request) {
+        String result = request.getServletPath() + (request.getPathInfo() == null ? "" :
request.getPathInfo());
+
+        if (result.indexOf("%3A") > -1) result = result.replaceAll("%3A", "%3A%3A");
+        if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+        return result;
+    }
+
     private class URLPattern {
-        public final static int EXACT       = 0x0;
+
+        public final static int EXACT = 0x0;
         public final static int PATH_PREFIX = 0x1;
-        public final static int EXTENSION   = 0x2;
-        public final static int DEFAULT     = 0x4;
+        public final static int EXTENSION = 0x2;
+        public final static int DEFAULT = 0x4;
 
         public int type;
         public String pattern;
@@ -167,7 +176,7 @@
             if (pat == null) throw new java.lang.IllegalArgumentException("URLPattern cannot
be null");
             if (pat.length() == 0) throw new java.lang.IllegalArgumentException("URLPattern
cannot be empty");
 
-            if (pat.equals("/") || pat.equals("/*") ) {
+            if (pat.equals("/") || pat.equals("/*")) {
                 type = DEFAULT;
             } else if (pat.charAt(0) == '/' && pat.endsWith("/*")) {
                 type = PATH_PREFIX;
@@ -194,10 +203,10 @@
                 // 2 characters, and the next character of the argument pattern,
                 // if there is one, is "/"
                 case PATH_PREFIX: {
-                    int length = pattern.length()-2;
+                    int length = pattern.length() - 2;
                     if (length > test.length()) return false;
 
-                    for (int i=0; i<length; i++) {
+                    for (int i = 0; i < length; i++) {
                         if (pattern.charAt(i) != test.charAt(i)) return false;
                     }
 

Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
(original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebResourcePermission.java
Tue Aug 15 21:55:51 2006
@@ -44,7 +44,7 @@
     public WebResourcePermission(HttpServletRequest request) {
         super(request.getServletPath());
 
-        urlPatternSpec = new URLPatternSpec(request.getServletPath() + (request.getPathInfo()
== null ? "" : request.getPathInfo()));
+        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
         httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
     }
 

Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
(original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/main/java/javax/security/jacc/WebUserDataPermission.java
Tue Aug 15 21:55:51 2006
@@ -66,7 +66,7 @@
     public WebUserDataPermission(HttpServletRequest request) {
         super(request.getServletPath());
 
-        urlPatternSpec = new URLPatternSpec(request.getServletPath());
+        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
         httpMethodSpec = new HTTPMethodSpec(request.getMethod(), request.isSecure()? HTTPMethodSpec.CONFIDENTIAL:
HTTPMethodSpec.NONE);
     }
 

Added: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java?rev=431819&view=auto
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
(added)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
Tue Aug 15 21:55:51 2006
@@ -0,0 +1,262 @@
+/**
+ *
+ * Copyright 2006 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.jacc;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+
+/**
+ * @version $Rev$ $Date$
+ */
+public class MockHttpServletRequest implements HttpServletRequest {
+
+    private final String servletPath;
+    private final String pathInfo;
+
+    public MockHttpServletRequest(String servletPath, String pathInfo) {
+        this.servletPath = servletPath;
+        this.pathInfo = pathInfo;
+    }
+
+    public String getAuthType() {
+        return null;
+    }
+
+    public Cookie[] getCookies() {
+        return new Cookie[0];
+    }
+
+    public long getDateHeader(String transOID) {
+        return 0;
+    }
+
+    public String getHeader(String transOID) {
+        return null;
+    }
+
+    public Enumeration getHeaders(String transOID) {
+        return null;
+    }
+
+    public Enumeration getHeaderNames() {
+        return null;
+    }
+
+    public int getIntHeader(String transOID) {
+        return 0;
+    }
+
+    public String getMethod() {
+        return null;
+    }
+
+    public String getPathInfo() {
+        return pathInfo;
+    }
+
+    public String getPathTranslated() {
+        return null;
+    }
+
+    public String getContextPath() {
+        return null;
+    }
+
+    public String getQueryString() {
+        return null;
+    }
+
+    public String getRemoteUser() {
+        return null;
+    }
+
+    public boolean isUserInRole(String transOID) {
+        return false;
+    }
+
+    public Principal getUserPrincipal() {
+        return null;
+    }
+
+    public String getRequestedSessionId() {
+        return null;
+    }
+
+    public String getRequestURI() {
+        return null;
+    }
+
+    public StringBuffer getRequestURL() {
+        return null;
+    }
+
+    public String getServletPath() {
+        return servletPath;
+    }
+
+    public HttpSession getSession(boolean b) {
+        return null;
+    }
+
+    public HttpSession getSession() {
+        return null;
+    }
+
+    public boolean isRequestedSessionIdValid() {
+        return false;
+    }
+
+    public boolean isRequestedSessionIdFromCookie() {
+        return false;
+    }
+
+    public boolean isRequestedSessionIdFromURL() {
+        return false;
+    }
+
+    public boolean isRequestedSessionIdFromUrl() {
+        return false;
+    }
+
+    public Object getAttribute(String transOID) {
+        return null;
+    }
+
+    public Enumeration getAttributeNames() {
+        return null;
+    }
+
+    public String getCharacterEncoding() {
+        return null;
+    }
+
+    public void setCharacterEncoding(String transOID) throws UnsupportedEncodingException
{
+
+    }
+
+    public int getContentLength() {
+        return 0;
+    }
+
+    public String getContentType() {
+        return null;
+    }
+
+    public ServletInputStream getInputStream() throws IOException {
+        return null;
+    }
+
+    public String getParameter(String transOID) {
+        return null;
+    }
+
+    public Enumeration getParameterNames() {
+        return null;
+    }
+
+    public String[] getParameterValues(String transOID) {
+        return new String[0];
+    }
+
+    public Map getParameterMap() {
+        return null;
+    }
+
+    public String getProtocol() {
+        return null;
+    }
+
+    public String getScheme() {
+        return null;
+    }
+
+    public String getServerName() {
+        return null;
+    }
+
+    public int getServerPort() {
+        return 0;
+    }
+
+    public BufferedReader getReader() throws IOException {
+        return null;
+    }
+
+    public String getRemoteAddr() {
+        return null;
+    }
+
+    public String getRemoteHost() {
+        return null;
+    }
+
+    public void setAttribute(String transOID, Object object) {
+
+    }
+
+    public void removeAttribute(String transOID) {
+
+    }
+
+    public Locale getLocale() {
+        return null;
+    }
+
+    public Enumeration getLocales() {
+        return null;
+    }
+
+    public boolean isSecure() {
+        return false;
+    }
+
+    public RequestDispatcher getRequestDispatcher(String transOID) {
+        return null;
+    }
+
+    public String getRealPath(String transOID) {
+        return null;
+    }
+
+    public int getRemotePort() {
+        return 0;
+    }
+
+    public String getLocalName() {
+        return null;
+    }
+
+    public String getLocalAddr() {
+        return null;
+    }
+
+    public int getLocalPort() {
+        return 0;
+    }
+}

Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision Id Author

Propchange: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/MockHttpServletRequest.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java
URL: http://svn.apache.org/viewvc/geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java?rev=431819&r1=431818&r2=431819&view=diff
==============================================================================
--- geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java
(original)
+++ geronimo/specs/branches/1_1/geronimo-spec-j2ee-jacc/src/test/java/javax/security/jacc/WebUserDataPermissionTest.java
Tue Aug 15 21:55:51 2006
@@ -23,16 +23,16 @@
 
 package javax.security.jacc;
 
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectOutputStream;
 import java.io.ByteArrayInputStream;
-import java.io.ObjectInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 
 import junit.framework.TestCase;
 
+
 /**
- *
  * @version $Rev$ $Date$
  */
 public class WebUserDataPermissionTest extends TestCase {
@@ -42,11 +42,14 @@
      */
     public void testConstructorStringString() {
 
+        MockHttpServletRequest request = new MockHttpServletRequest("/portal", "/services/services_jdbc/_rp_services_jdbc_row1_col1_p1_adapterDisplayName/1_TranQL0x8Generic0x8JDBC0x8Resource0x8Adapter/_rp_services_jdbc_row1_col1_p1_rarPath/1_tranql0x3tranql-connector0x310x220x3rar/_rp_services_jdbc_row1_col1_p1_mode/1_params/_rp_services_jdbc_row1_col1_p1_driverClass/1_org0x2hsqldb0x2jdbcDriver/_pm_services_jdbc_row1_col1_p1/view/_rp_services_jdbc_row1_col1_p1_dbtype/1_HSQLDB0x8embedded/_rp_services_jdbc_row1_col1_p1_urlPrototype/1_jdbc:hsqldb:{Database}/_st_services_jdbc_row1_col1_p1/normal/_ps_services_jdbc_row1_col1_p1/normal/_pid/services_jdbc_row1_col1_p1/_md_services_jdbc_row1_col1_p1/view/_rp_services_jdbc_row1_col1_p1_name/1_FFFFF");
+        new WebUserDataPermission(URLPatternSpec.encodeColons(request), "GET:NONE");
+
         WebUserDataPermission permission = new WebUserDataPermission("/foo", "GET,POST:INTEGRAL");
 
         assertEquals(permission.getName(), "/foo");
         assertEquals(permission.getActions(), "GET,POST:INTEGRAL");
-        
+
         permission = new WebUserDataPermission("/foo", "GET,POST,POST,GET:INTEGRAL");
         assertEquals(permission.getActions(), "GET,POST:INTEGRAL");
 
@@ -54,14 +57,14 @@
         try {
             permission = new WebUserDataPermission("/foo", "GET,POST,BAR:INTEGRAL");
             fail("Bad HTTP method");
-        } catch(IllegalArgumentException iae) {
+        } catch (IllegalArgumentException iae) {
         }
 
         // If you have a colon, then you must have a transportType
         try {
             permission = new WebUserDataPermission("/foo", "GET,POST,BAR:");
             fail("Missing transportType");
-        } catch(IllegalArgumentException iae) {
+        } catch (IllegalArgumentException iae) {
         }
     }
 
@@ -89,7 +92,7 @@
         WebUserDataPermission permissionFooGP = new WebUserDataPermission("/foo", "GET,POST:INTEGRAL");
         WebUserDataPermission permissionFooE = new WebUserDataPermission("/foo", "");
         WebUserDataPermission permissionFooGPN = new WebUserDataPermission("/foo", "GET,POST");
-        
+
         assertTrue(permissionFooE.implies(permissionFooGP));
         assertTrue(permissionFooE.implies(permissionFooGPN));
         assertFalse(permissionFooGP.implies(permissionFooE));
@@ -104,7 +107,7 @@
      */
     public void testConstructorStringStringArray() {
     }
-    
+
     public void testImpliesStringStringArray() {
     }
 
@@ -113,7 +116,7 @@
      */
     public void testConstructorHttpServletRequest() {
     }
-    
+
     public void testImpliesHttpServletRequest() {
     }
 }



Mime
View raw message