tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "philippe.leothaud" <philippe.leoth...@wanadoo.fr>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java
Date Thu, 11 Dec 2003 15:41:18 GMT
Hi,

I've been refactoring the piece of code I sent last time, and I've got that
now :

    - the following method just replaces the
findSecurityConstraints(HttpRequest request, Context context) method in
RealmBase
    - there is this static Map cache which caches the fake Constraints
mapped to (URI, http-method) couples to add
    - lastly, the matchPattern(String path, String pattern) must be made
public.

It works OK for me, hope it helps


Philippe Leothaud


 private static Map cache = new HashMap();
 private final static String NULL_CONSTRAINT = "";

 /**
  * Retrieve from cache or build and return a custom
<code>SecurityConstraint</code> merging all valid
  * <code>SecurityConstraint</code>s for the given method and URI, or
<code>null</code>
  * if there is no such <code>SecurityConstraint</code>
  *
  * @param allConstraints : all the <code>SecurityConstraint</code>s defined
in <code>web.xml</code>
  * @param req                : the request of the User
  *
  * @return                       : the custom
<code>SecurityConstraint</code>, wrapped in an array of
  *                                      <code>SecurityConstraint</code>s
(to not break AuthenticatorBase and RealmBase API)
  */
 public SecurityConstraint[] findSecurityConstraints(HttpRequest request,
Context context) {

   // Get allConstraints Context
  SecurityConstraint allConstraints[] = context.findConstraints();
  if ((allConstraints == null) || (allConstraints.length == 0)) {
    if (log.isDebugEnabled())
      log.debug("  No applicable constraints defined");
    return (null);
  }

   // Get URI and method from request
  HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
  String requestURI = request.getDecodedRequestURI();
  String contextPath = hreq.getContextPath();
  if (contextPath.length() > 0)
   requestURI = requestURI.substring(contextPath.length());

  String method = hreq.getMethod();

  if ((allConstraints == null) || (allConstraints.length == 0)) {
    if (log.isDebugEnabled())
      log.debug("  No applicable constraints defined");
    return (null);
  }

  // Did we already do the job ?
  Object cached = cache.get(requestURI + "::" + method);

  // No : let's work a bit
  if(cached == null) {
   // Determining valid constraints, checking the constraints' url-patterns
against the given requestURI
   Map constraintsAndCollections = null;
   String bestMatch = "";
   for (int i = 0; i < allConstraints.length; i++) {
    String constraintBestMatch = "";
    SecurityCollection[] collections = allConstraints[i].findCollections();
    for (int j = 0; j < collections.length; j++) {
     String patterns[] = collections[j].findPatterns();
     for (int k = 0; k < patterns.length; k++)
      if (allConstraints[i].matchPattern(requestURI, patterns[k])
          && patterns[k].length() > bestMatch.length())
       bestMatch = patterns[k];
    }
    if (constraintBestMatch.length() > bestMatch.length())
     bestMatch = constraintBestMatch;
   }
   for (int i = 0; i < allConstraints.length; i++) {
    SecurityCollection[] collections = allConstraints[i].findCollections();
    List matchingWebCollections = null;
    for (int j = 0; j < collections.length; j++) {
     String patterns[] = collections[j].findPatterns();
     for (int k = 0; k < patterns.length; k++) {
      if (bestMatch.equals(patterns[k])) {
       if(matchingWebCollections == null)
        matchingWebCollections = new ArrayList();
       matchingWebCollections.add(collections[j]);
       break;
      }
     }
    }
    if (matchingWebCollections != null) {
     if (constraintsAndCollections == null)
      constraintsAndCollections = new HashMap();
     constraintsAndCollections.put(allConstraints[i],
matchingWebCollections);
    }
   }
   if (constraintsAndCollections == null) {
    cache.put(requestURI + "::" + method, NULL_CONSTRAINT);
    return null;
   }

   // Determining valid constraints, checking the constraints' constrained
methods against the given method
   Set matchingConstraints = constraintsAndCollections.keySet();
   Iterator matchingConstraintsIterator = matchingConstraints.iterator();
   while (matchingConstraintsIterator.hasNext()) {
    SecurityConstraint constraint = (SecurityConstraint)
matchingConstraintsIterator.next();
    List matchingWebCollections = (List)
constraintsAndCollections.get(constraint);
    Iterator matchingWebCollectionsIterator =
matchingWebCollections.iterator();
    boolean methodIsProtected = false;
    while (matchingWebCollectionsIterator.hasNext()) {
     SecurityCollection collection = (SecurityCollection)
matchingWebCollectionsIterator.next();
     String[] constrainedMethods = collection.findMethods();
     if (constrainedMethods == null || constrainedMethods.length == 0) {
      methodIsProtected = true;
      break;
     }
     for (int i = 0; i < constrainedMethods.length; i++) {
      if (method.equals(constrainedMethods[i])) {
       methodIsProtected = true;
       break;
      }
     }
     if (methodIsProtected)
      break;
    }
    if (!methodIsProtected)
     matchingConstraintsIterator.remove();
   }
   if (matchingConstraints.size() == 0) {
    cache.put(requestURI + "::" + method, NULL_CONSTRAINT);
    return null;
   }

   // Determining the global userConstraints
   SecurityConstraint mergedSecurityConstraint = new SecurityConstraint();
   mergedSecurityConstraint.setUserConstraint("INTEGRAL");
   Iterator iter = matchingConstraints.iterator();
   while (iter.hasNext()) {
    SecurityConstraint constraint = (SecurityConstraint) iter.next();
    String userConstraint = constraint.getUserConstraint();
    if (userConstraint == null || userConstraint.equals("NONE")) {
     mergedSecurityConstraint.setUserConstraint("NONE");
     break;
    } else if (userConstraint.equals("CONFIDENTIAL")) {
     mergedSecurityConstraint.setUserConstraint("CONFIDENTIAL");
    }
   }

   // Determining the global authConstraints
   Iterator iter2 = matchingConstraints.iterator();
   while (iter2.hasNext()) {
    SecurityConstraint constraint = (SecurityConstraint) iter2.next();
    mergedSecurityConstraint.setAuthConstraint(true);
    String[] groups = new String[0];
    if (constraint.getAuthConstraint()) {
     String[] roleNames = constraint.findAuthRoles();
     if (roleNames == null || roleNames.length == 0) {
      mergedSecurityConstraint.setAuthConstraint(true);
      String[] attributedRoles = mergedSecurityConstraint.findAuthRoles();
      for (int nbRoles = 0; nbRoles < attributedRoles.length; nbRoles++) {
       mergedSecurityConstraint.removeAuthRole(attributedRoles[nbRoles]);
      }
      break;
     } else {
      if (!mergedSecurityConstraint.getAuthConstraint() ||
mergedSecurityConstraint.getAllRoles())
       continue;
      mergedSecurityConstraint.setAuthConstraint(true);
      if (constraint.getAllRoles()) {
       mergedSecurityConstraint.addAuthRole("*");
       continue;
      }
      for (int j = 0; j < roleNames.length; j++) {
       String roleName = roleNames[j];
       for (int k = 0; k < groups.length; k++)
        if (roleName.equals(groups[k]))
         break;
       mergedSecurityConstraint.addAuthRole(roleNames[j]);
      }
     }
    } else
     mergedSecurityConstraint.setAuthConstraint(false);
   }

   // build a fake SecurityCollection encapsulated in the global
mergedSecurityConstraint
   SecurityCollection fakeCollection = new SecurityCollection(requestURI +
"::" + method);
   fakeCollection.addMethod(method);
   fakeCollection.addPattern(requestURI);

   mergedSecurityConstraint.setDisplayName(requestURI + "::" + method);
   mergedSecurityConstraint.addCollection(fakeCollection);

   // map the mergedSecurityConstraint to the (URI, method) and cache
   cache.put(requestURI + "::" + method, mergedSecurityConstraint);
   return new SecurityConstraint[] { mergedSecurityConstraint };

  }

  else if (cached.equals(NULL_CONSTRAINT)) {
   return null;
  }

  else {
   return new SecurityConstraint[] { (SecurityConstraint) cached };
  }

 }

}




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message