geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r804534 - in /geronimo/server/trunk/plugins: jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
Date Sat, 15 Aug 2009 22:11:08 GMT
Author: djencks
Date: Sat Aug 15 22:11:08 2009
New Revision: 804534

URL: http://svn.apache.org/viewvc?rev=804534&view=rev
Log:
GERONIMO-4645 fix WebUserDataPermission ':' escaping

Modified:
    geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
    geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java

Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java?rev=804534&r1=804533&r2=804534&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
(original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/handler/JettySecurityHandler.java
Sat Aug 15 22:11:08 2009
@@ -137,14 +137,7 @@
         }
 
         try {
-            String transportType;
-            if (request.isSecure()) {
-                transportType = "CONFIDENTIAL";
-            } else if (request.getConnection().isIntegral(request)) {
-                transportType = "INTEGRAL";
-            } else {
-                transportType = "NONE";
-            }
+            boolean notIntegral = request.isSecure() || !request.getConnection().isIntegral(request);
 
             Authenticator authenticator = getAuthenticator();
             boolean isAuthenticated = false;
@@ -180,7 +173,12 @@
             /**
              * JACC v1.0 section 4.1.1
              */
-            WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()},
transportType);
+            WebUserDataPermission wudp;
+            if (notIntegral) {
+                wudp = new WebUserDataPermission(request);
+            } else {
+                wudp = new WebUserDataPermission(encodeColons(request), new String[]{request.getMethod()},
"INTEGRAL");
+            }
             acc.checkPermission(wudp);
 
             WebResourcePermission webResourcePermission = new WebResourcePermission(request);
@@ -218,6 +216,15 @@
         return true;
     }
 
+    private static String encodeColons(HttpServletRequest request) {
+        String result = request.getServletPath() + (request.getPathInfo() == null ? "" :
request.getPathInfo());
+
+        if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+        return result;
+    }
+    
+
     /**
      * Generate the default principal from the security config.
      *

Modified: geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java?rev=804534&r1=804533&r2=804534&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
(original)
+++ geronimo/server/trunk/plugins/jetty7/geronimo-jetty7/src/main/java/org/apache/geronimo/jetty7/handler/JaccSecurityHandler.java
Sat Aug 15 22:11:08 2009
@@ -99,20 +99,18 @@
     }
 
     protected boolean checkUserDataPermissions(String pathInContext, Request request, Response
response, Object constraintInfo) throws IOException {
-        try {
-            String transportType;
-            if (request.isSecure()) {
-                transportType = "CONFIDENTIAL";
-            } else if (request.getConnection().isIntegral(request)) {
-                transportType = "INTEGRAL";
-            } else {
-                transportType = "NONE";
-            }
+        boolean notIntegral = request.isSecure() || !request.getConnection().isIntegral(request);
 
+        try {
             /**
              * JACC v1.0 section 4.1.1
              */
-            WebUserDataPermission wudp = new WebUserDataPermission(pathInContext, new String[]{request.getMethod()},
transportType);
+            WebUserDataPermission wudp;
+            if (notIntegral) {
+                wudp = new WebUserDataPermission(request);
+            } else {
+                wudp = new WebUserDataPermission(encodeColons(request), new String[]{request.getMethod()},
"INTEGRAL");
+            }
             defaultAcc.checkPermission(wudp);
             return true;
         } catch (AccessControlException e) {
@@ -121,6 +119,14 @@
         }
     }
 
+    private static String encodeColons(HttpServletRequest request) {
+        String result = request.getServletPath() + (request.getPathInfo() == null ? "" :
request.getPathInfo());
+
+        if (result.indexOf(":") > -1) result = result.replaceAll(":", "%3A");
+
+        return result;
+    }
+
     protected boolean isAuthMandatory(Request base_request, Response base_response, Object
constraintInfo) {
         return !checkWebResourcePermission(base_request, defaultAcc);
     }



Mime
View raw message