From djen...@apache.org
Subject svn commit: r538086 - in /geronimo/server/trunk/modules: geronimo-security/src/main/java/org/apache/geronimo/security/util/ geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/ geronimo-web-2.5-builder/src/test/resources/security/
Date Tue, 15 May 2007 08:11:37 GMT
Author: djencks
Date: Tue May 15 01:11:36 2007
New Revision: 538086

URL: http://svn.apache.org/viewvc?view=rev&rev=538086
Log:
GERONIMO-3156 fix HTTPMethods to avoid wrong unchecked permissions

Added:
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
  (with props)
Modified:
    geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
    geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java

Modified: geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java?view=diff&rev=538086&r1=538085&r2=538086
==============================================================================
--- geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
(original)
+++ geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/util/HTTPMethods.java
Tue May 15 01:11:36 2007
@@ -27,7 +27,7 @@
 /**
  * Tracks sets of HTTP actions for use while computing permissions during web deployment.
  *
- * @version $Rev:$ $Date:$
+ * @version $Rev$ $Date$
  */
 public class HTTPMethods {
     private static final Pattern TOKEN_PATTERN = Pattern.compile("[!-~&&[^\\(\\)\\<\\>@,;:\\\\\"/\\[\\]\\?=\\{\\}]]*");
@@ -46,14 +46,15 @@
 
     public void add(String httpMethod) {
         if (isExcluded) {
-            return;
-        }
-        if (httpMethod.length() == 0) {
+            checkToken(httpMethod);
+            methods.remove(httpMethod);
+        } else if (httpMethod == null || httpMethod.length() == 0) {
             isExcluded = true;
             methods.clear();
+        } else {
+            checkToken(httpMethod);
+            methods.add(httpMethod);
         }
-        checkToken(httpMethod);
-        methods.add(httpMethod);
     }
 
     public HTTPMethods add(HTTPMethods httpMethods) {
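Review bot: In `add`, the `isExcluded` branch is now tested before the null/empty check, so once the set is in excluded mode an "all methods" argument falls into `checkToken(httpMethod); methods.remove(httpMethod);`. A null is then handed to `checkToken`, whose body is outside the hunk and presumably dereferences it. An empty string leaves any remaining exception entries in place, so "all except X" plus "all" stays "all except X" instead of becoming "all". If `methods` can be non-empty while `isExcluded` is true, as the new `remove` call suggests, permissions derived from the set could treat X as not covered by the constraint. Testing the all-methods case first avoids both: `if (httpMethod == null || httpMethod.length() == 0) {` for the clear branch, then `} else if (isExcluded) {` for the remove branch.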
@@ -114,6 +115,6 @@
 
 
     public boolean isNone() {
-        return isExcluded && methods.isEmpty();
+        return !isExcluded && methods.isEmpty();
     }
 }
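Review bot: `isNone()` has no comment stating what `isExcluded` and `methods` mean in combination, and the inverted flag corrected here shows how easily the two empty states are confused. Going by the `add` code on this page, `isExcluded` with an empty `methods` set stands for every method, while `!isExcluded` with an empty set stands for none. A Javadoc line on the method would pin that down, for example `/** Returns true only when no HTTP method is covered: not in excluded mode and no methods listed. */`. A matching comment on the `isExcluded` field, which is declared outside this hunk, would help as well.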

Modified: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java?view=diff&rev=538086&r1=538085&r2=538086
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java
(original)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/java/org/apache/geronimo/web25/deployment/SpecSecurityParsingTest.java
Tue May 15 01:11:36 2007
@@ -66,8 +66,25 @@
         assertTrue(unchecked.implies(new WebResourcePermission("/login.do", "!")));
         assertTrue(unchecked.implies(new WebResourcePermission("/foo", "!")));
         assertFalse(unchecked.implies(new WebResourcePermission("/foo.do", "!")));
-        PermissionCollection adminPermissions = (PermissionCollection) permissions.getRolePermissions().get("Admin");
+        PermissionCollection adminPermissions = permissions.getRolePermissions().get("Admin");
         assertTrue(adminPermissions.implies(new WebResourcePermission("foo.do", "GET,POST")));
+    }
+
+    /**
+     * make sure a resource permission with a role doesn't turn into an unchecked permission
due to mistakes in
+     * HTTPMethod "all" handling
+     * @throws Exception
+     */
+    public void testAllMethodsConstraint() throws Exception {
+        roleSet.add("Admin");
+        URL srcXml = classLoader.getResource("security/web2.xml");
+        WebAppDocument webAppDoc = WebAppDocument.Factory.parse(srcXml, options);
+        WebAppType webAppType = webAppDoc.getWebApp();
+        ComponentPermissions permissions = builder.buildSpecSecurityConfig(webAppType, roleSet,
rolePermissionMap);
+        PermissionCollection unchecked = permissions.getUncheckedPermissions();
+        assertFalse(unchecked.implies(new WebResourcePermission("/Test", "!")));
+        PermissionCollection adminPermissions = permissions.getRolePermissions().get("Admin");
+        assertTrue(adminPermissions.implies(new WebResourcePermission("/Test", "GET,POST")));
     }
 
     public static class TestWebModuleBuilder extends AbstractWebModuleBuilder {
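Review bot: `testAllMethodsConstraint` checks the unchecked collection against only one permission, `new WebResourcePermission("/Test", "!")`, so a regression that lets a single method slip into the unchecked set could presumably still pass. An extra assertion for a concrete method, such as `assertFalse(unchecked.implies(new WebResourcePermission("/Test", "GET")));`, would make the intent explicit. The fixture web2.xml declares no `http-method` elements, so this test likely never reaches the new `methods.remove(httpMethod)` branch in `HTTPMethods.add`; a second constraint listing explicit methods on the same pattern would be needed to cover it. The Javadoc also says `HTTPMethod` where the class is named `HTTPMethods`.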

Added: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml?view=auto&rev=538086
==============================================================================
--- geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
(added)
+++ geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
Tue May 15 01:11:36 2007
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<web-app xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+         version="2.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee">
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>uncheckedtest1</web-resource-name>
+            <url-pattern>/Test</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>Admin</role-name>
+        </auth-constraint>
+    </security-constraint>
+
+</web-app>

Propchange: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/modules/geronimo-web-2.5-builder/src/test/resources/security/web2.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml


