geronimo-scm mailing list archives

From a..@apache.org
Subject svn commit: r431928 - in /geronimo/branches/1.1/modules: jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Date Wed, 16 Aug 2006 15:53:37 GMT
Author: adc
Date: Wed Aug 16 08:53:36 2006
New Revision: 431928

URL: http://svn.apache.org/viewvc?rev=431928&view=rev
Log:
GERONIMO-2327 Need to encode colons for JACC web permissions

Modified:
    geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
    geronimo/branches/1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java

Modified: geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java?rev=431928&r1=431927&r2=431928&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
(original)
+++ geronimo/branches/1.1/modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Wed Aug 16 08:53:36 2006
@@ -1,6 +1,6 @@
 /**
  *
- * Copyright 2003-2005 The Apache Software Foundation
+ * Copyright 2003-2006 The Apache Software Foundation
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -21,12 +21,19 @@
 import java.security.AccessControlException;
 import java.security.PermissionCollection;
 import java.security.Principal;
-
 import javax.security.auth.Subject;
 import javax.security.jacc.PolicyContext;
 import javax.security.jacc.WebResourcePermission;
 import javax.security.jacc.WebUserDataPermission;
 
+import org.mortbay.http.Authenticator;
+import org.mortbay.http.HttpException;
+import org.mortbay.http.HttpRequest;
+import org.mortbay.http.HttpResponse;
+import org.mortbay.http.SecurityConstraint;
+import org.mortbay.jetty.servlet.FormAuthenticator;
+import org.mortbay.jetty.servlet.ServletHttpRequest;
+
 import org.apache.geronimo.common.DeploymentException;
 import org.apache.geronimo.common.GeronimoSecurityException;
 import org.apache.geronimo.jetty.JAASJettyPrincipal;
@@ -37,13 +44,6 @@
 import org.apache.geronimo.security.SubjectId;
 import org.apache.geronimo.security.deploy.DefaultPrincipal;
 import org.apache.geronimo.security.util.ConfigurationUtil;
-import org.mortbay.http.Authenticator;
-import org.mortbay.http.HttpException;
-import org.mortbay.http.HttpRequest;
-import org.mortbay.http.HttpResponse;
-import org.mortbay.http.SecurityConstraint;
-import org.mortbay.jetty.servlet.FormAuthenticator;
-import org.mortbay.jetty.servlet.ServletHttpRequest;
 
 
 /**
@@ -75,7 +75,8 @@
                                       PermissionCollection checkedPermissions,
                                       PermissionCollection excludedPermissions,
                                       JAASJettyRealm realm,
-                                      ClassLoader classLoader) {
+                                      ClassLoader classLoader)
+    {
         assert realm != null;
         assert authenticator != null;
 
@@ -176,16 +177,7 @@
 
         try {
             ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();
-            String transportType;
-            if (request.isConfidential()) {
-                transportType = "CONFIDENTIAL";
-            } else if (request.isIntegral()) {
-                transportType = "INTEGRAL";
-            } else {
-                transportType = "NONE";
-            }
-            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath()
+ (servletHttpRequest.getPathInfo() == null ? "" : servletHttpRequest.getPathInfo()),
-                                                                   new String[]{servletHttpRequest.getMethod()},
transportType);
+            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest);
             WebResourcePermission webResourcePermission = new WebResourcePermission(servletHttpRequest);
             Principal user = obtainUser(pathInContext, request, response, webResourcePermission,
wudp);
 
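Review bot: Switching to `new WebUserDataPermission(servletHttpRequest)` removes the INTEGRAL branch that the old code derived from `request.isIntegral()`. As the JACC API describes the request-based constructor, the transport type comes from `isSecure()` alone, so a connection Jetty reports as integral but not confidential would now be checked as CONFIDENTIAL or NONE, depending on what `isSecure()` returns. If deployments declare INTEGRAL transport guarantees, confirm the access decision is unchanged for them. Otherwise record the narrowing next to the call, for example `// transport is taken from isSecure(); INTEGRAL is no longer distinguished (GERONIMO-2327)`. A regression test with a colon in the path info would pin the encoding this commit is meant to add. The Tomcat hunk uses the same constructor, but its old code only consulted `isSecure()`, so the transport mapping there should not change. The enclosing method starts and ends outside this hunk.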
@@ -262,7 +254,7 @@
         /**
          * No authentication is required.  Return the defaultPrincipal.
          */
-    //TODO use run-as as nextCaller if present
+        //TODO use run-as as nextCaller if present
         ContextManager.setCallers(defaultPrincipal.getSubject(), defaultPrincipal.getSubject());
         return defaultPrincipal;
     }

Modified: geronimo/branches/1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java?rev=431928&r1=431927&r2=431928&view=diff
==============================================================================
--- geronimo/branches/1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
(original)
+++ geronimo/branches/1.1/modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
Wed Aug 16 08:53:36 2006
@@ -121,14 +121,7 @@
             /**
              * JACC v1.0 secion 4.1.1
              */
-            String transportType;
-            if (request.isSecure()) {
-                transportType = "CONFIDENTIAL";
-                //What about INTEGRAL?? Does Tomcat support it??
-            } else {
-                transportType = "NONE";
-            }
-            WebUserDataPermission wudp = new WebUserDataPermission(request.getServletPath()
+ (request.getPathInfo() == null ? "" : request.getPathInfo()), new String[]{request.getMethod()},
transportType);
+            WebUserDataPermission wudp = new WebUserDataPermission(request);
             acc.checkPermission(wudp);
 
         } catch (AccessControlException ace) {
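Review bot: Only the `WebUserDataPermission` check is visible in this hunk, so it is unclear whether other permissions in this realm get the same colon handling. Any `WebResourcePermission` still built from `getServletPath()` + `getPathInfo()` elsewhere in the class would keep passing an unencoded `:` into the permission name, where JACC treats the colon as the separator between the URL pattern and its qualifiers. Check that those call sites also use the request-based constructor, so both checks see the same name for one request. A short comment above this line would keep the reason visible, for example `// request-based constructor encodes ':' in the path (GERONIMO-2327)`. The surrounding `try` block starts before the hunk and the `catch` body continues after it.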


