tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1548189 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/ test/org/apache/catalina/connector/ test/org/apache/catalina/core/ test/org/apache/catalina/realm/ test/org/apache/catalina/startup/ webapps/docs/
Date Thu, 05 Dec 2013 16:13:31 GMT
Author: markt
Date: Thu Dec  5 16:13:30 2013
New Revision: 1548189

URL: http://svn.apache.org/r1548189
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55839
Extend support for digest prefixes {MD5}, {SHA} and {SSHA} to all Realms rather than just the JNDIRealm.

Added:
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java
      - copied, changed from r1548169, tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterResponse.java
      - copied unchanged from r1547897, tomcat/trunk/test/org/apache/catalina/connector/TesterResponse.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java
      - copied, changed from r1548169, tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java
      - copied, changed from r1547897, tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java
      - copied, changed from r1547897, tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java
Removed:
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java
Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1548169,1548182-1548183,1548185

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Thu Dec  5 16:13:30 2013
@@ -319,12 +319,7 @@ public class DataSourceRealm
         String dbCredentials = getPassword(dbConnection, username);
 
         // Validate the user's credentials
-        boolean validated = false;
-        if (hasMessageDigest()) {
-            // Hex hashes should be compared case-insensitive
-            validated = (digest(credentials).equalsIgnoreCase(dbCredentials));
-        } else
-            validated = (digest(credentials).equals(dbCredentials));
+        boolean validated = compareCredentials(credentials, dbCredentials);
 
         if (validated) {
             if (containerLog.isTraceEnabled())
@@ -342,8 +337,7 @@ public class DataSourceRealm
         ArrayList<String> list = getRoles(dbConnection, username);
 
         // Create and return a suitable Principal for this user
-        return (new GenericPrincipal(username, credentials, list));
-
+        return new GenericPrincipal(username, credentials, list);
     }
 
 

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Thu Dec  5 16:13:30 2013
@@ -408,13 +408,7 @@ public class JDBCRealm
         String dbCredentials = getPassword(username);
 
         // Validate the user's credentials
-        boolean validated = false;
-        if (hasMessageDigest()) {
-            // Hex hashes should be compared case-insensitive
-            validated = (digest(credentials).equalsIgnoreCase(dbCredentials));
-        } else {
-            validated = (digest(credentials).equals(dbCredentials));
-        }
+        boolean validated = compareCredentials(credentials, dbCredentials);
 
         if (validated) {
             if (containerLog.isTraceEnabled())

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java Thu Dec  5 16:13:30 2013
@@ -14,16 +14,13 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.catalina.realm;
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.nio.charset.Charset;
 import java.security.Principal;
 import java.text.MessageFormat;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Hashtable;
@@ -53,8 +50,7 @@ import javax.naming.directory.SearchCont
 import javax.naming.directory.SearchResult;
 
 import org.apache.catalina.LifecycleException;
-import org.apache.tomcat.util.buf.B2CConverter;
-import org.apache.tomcat.util.codec.binary.Base64;
+
 import org.ietf.jgss.GSSCredential;
 
 /**
@@ -1565,64 +1561,16 @@ public class JNDIRealm extends RealmBase
                                          String credentials)
         throws NamingException {
 
-        if (info == null || credentials == null)
-            return (false);
-
-        String password = info.getPassword();
-        if (password == null)
-            return (false);
-
         // Validate the credentials specified by the user
         if (containerLog.isTraceEnabled())
             containerLog.trace("  validating credentials");
 
-        boolean validated = false;
-        if (hasMessageDigest()) {
-            // Some directories prefix the password with the hash type
-            // The string is in a format compatible with Base64.encode not
-            // the Hex encoding of the parent class.
-            if (password.startsWith("{MD5}") || password.startsWith("{SHA}")) {
-                /* sync since super.digest() does this same thing */
-                synchronized (this) {
-                    password = password.substring(5);
-                    md.reset();
-                    md.update(credentials.getBytes(Charset.defaultCharset()));
-                    byte[] encoded = Base64.encodeBase64(md.digest());
-                    String digestedPassword =
-                            new String(encoded, B2CConverter.ISO_8859_1);
-                    validated = password.equals(digestedPassword);
-                }
-            } else if (password.startsWith("{SSHA}")) {
-                // Bugzilla 32938
-                /* sync since super.digest() does this same thing */
-                synchronized (this) {
-                    password = password.substring(6);
-
-                    md.reset();
-                    md.update(credentials.getBytes(Charset.defaultCharset()));
-
-                    // Decode stored password.
-                    byte[] decoded = Base64.decodeBase64(password);
-
-                    // Split decoded password into hash and salt.
-                    final int saltpos = 20;
-                    byte[] hash = new byte[saltpos];
-                    System.arraycopy(decoded, 0, hash, 0, saltpos);
-
-                    md.update(decoded, saltpos, decoded.length - saltpos);
-
-                    byte[] dp = md.digest();
+        if (info == null || credentials == null)
+            return (false);
 
-                    validated = Arrays.equals(dp, hash);
-                } // End synchronized(this) block
-            } else {
-                // Hex hashes should be compared case-insensitive
-                validated = (digest(credentials).equalsIgnoreCase(password));
-            }
-        } else
-            validated = (digest(credentials).equals(password));
-        return (validated);
+        String password = info.getPassword();
 
+        return compareCredentials(credentials, password);
     }
 
 

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/MemoryRealm.java Thu Dec  5 16:13:30 2013
@@ -142,17 +142,7 @@ public class MemoryRealm  extends RealmB
 
         GenericPrincipal principal = principals.get(username);
 
-        boolean validated = false;
-        if (principal != null && credentials != null) {
-            if (hasMessageDigest()) {
-                // Hex hashes should be compared case-insensitive
-                validated = (digest(credentials)
-                             .equalsIgnoreCase(principal.getPassword()));
-            } else {
-                validated =
-                    (digest(credentials).equals(principal.getPassword()));
-            }
-        }
+        boolean validated = compareCredentials(credentials, principal.getPassword());
 
         if (validated) {
             if (log.isDebugEnabled())

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Thu Dec  5 16:13:30 2013
@@ -14,11 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-
 package org.apache.catalina.realm;
 
-
 import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeSupport;
 import java.io.IOException;
@@ -29,6 +26,7 @@ import java.security.NoSuchAlgorithmExce
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Locale;
 
 import javax.servlet.http.HttpServletResponse;
@@ -55,6 +53,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.HexUtils;
+import org.apache.tomcat.util.codec.binary.Base64;
 import org.apache.tomcat.util.res.StringManager;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
@@ -362,15 +361,8 @@ public abstract class RealmBase extends 
 
         String serverCredentials = getPassword(username);
 
-        boolean validated ;
-        if ( serverCredentials == null ) {
-            validated = false;
-        } else if(hasMessageDigest()) {
-            validated = serverCredentials.equalsIgnoreCase(digest(credentials));
-        } else {
-            validated = serverCredentials.equals(credentials);
-        }
-        if(! validated ) {
+        boolean validated = compareCredentials(credentials, serverCredentials);
+        if (!validated) {
             if (containerLog.isTraceEnabled()) {
                 containerLog.trace(sm.getString("realmBase.authenticateFailure",
                                                 username));
@@ -529,6 +521,72 @@ public abstract class RealmBase extends 
     }
 
     
+    protected boolean compareCredentials(String userCredentials,
+            String serverCredentials) {
+
+        if (serverCredentials == null) {
+            return false;
+        }
+
+        if (hasMessageDigest()) {
+            // Some directories and databases prefix the password with the hash
+            // type. The string is in a format compatible with Base64.encode not
+            // the normal hex encoding of the digest
+            if (serverCredentials.startsWith("{MD5}") ||
+                    serverCredentials.startsWith("{SHA}")) {
+                // Server is storing digested passwords with a prefix indicating
+                // the digest type
+                String serverDigest = serverCredentials.substring(5);
+                String userDigest;
+                synchronized (this) {
+                    md.reset();
+                    md.update(userCredentials.getBytes(B2CConverter.ISO_8859_1));
+                    userDigest = Base64.encodeBase64String(md.digest());
+                }
+                return userDigest.equals(serverDigest);
+
+            } else if (serverCredentials.startsWith("{SSHA}")) {
+                // Server is storing digested passwords with a prefix indicating
+                // the digest type and the salt used when creating that digest
+
+                String serverDigestPlusSalt = serverCredentials.substring(6);
+
+                // Need to convert the salt to bytes to apply it to the user's
+                // digested password.
+                byte[] serverDigestPlusSaltBytes =
+                        Base64.decodeBase64(serverDigestPlusSalt);
+                final int saltPos = 20;
+                byte[] serverDigestBytes = new byte[saltPos];
+                System.arraycopy(serverDigestPlusSaltBytes, 0,
+                        serverDigestBytes, 0, saltPos);
+
+                // Generate the digested form of the user provided password
+                // using the salt
+                byte[] userDigestBytes;
+                synchronized (this) {
+                    md.reset();
+                    // User provided password
+                    md.update(userCredentials.getBytes(B2CConverter.ISO_8859_1));
+                    // Add the salt
+                    md.update(serverDigestPlusSaltBytes, saltPos,
+                            serverDigestPlusSaltBytes.length - saltPos);
+                    userDigestBytes = md.digest();
+                }
+
+                return Arrays.equals(userDigestBytes, serverDigestBytes);
+
+            } else {
+                // Hex hashes should be compared case-insensitively
+                String userDigest = digest(userCredentials);
+                return serverCredentials.equalsIgnoreCase(userDigest);
+            }
+        } else {
+            // No digests, compare directly
+            return serverCredentials.equals(userCredentials);
+        }
+    }
+
+
     /**
      * Execute a periodic task, such as reloading, etc. This method will be
      * invoked inside the classloading context of this container. Unexpected

Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java Thu Dec  5 16:13:30 2013
@@ -165,7 +165,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062a() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -178,7 +178,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062b() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -190,7 +190,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062c() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -202,7 +202,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062d() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -214,7 +214,7 @@ public class TestResponse extends Tomcat
 
     @Test(expected=IllegalArgumentException.class)
     public void testBug53062e() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -224,7 +224,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062f() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -237,7 +237,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062g() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -250,7 +250,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062h() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -264,7 +264,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062i() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -277,7 +277,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062j() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -289,7 +289,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062k() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -303,7 +303,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062l() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -316,7 +316,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062m() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -329,7 +329,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062n() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -342,7 +342,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062o() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -354,7 +354,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53062p() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -366,7 +366,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53469a() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 
@@ -378,7 +378,7 @@ public class TestResponse extends Tomcat
 
     @Test
     public void testBug53469b() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 

Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponsePerformance.java Thu Dec  5 16:13:30 2013
@@ -24,7 +24,7 @@ import org.junit.Test;
 public class TestResponsePerformance {
     @Test
     public void testToAbsolutePerformance() throws Exception {
-        Request req = new TesterMockRequest();
+        Request req = new TesterRequest();
         Response resp = new Response();
         resp.setRequest(req);
 

Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java (from r1548169, tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java&p1=tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java&r1=1548169&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterMockRequest.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TesterRequest.java Thu Dec  5 16:13:30 2013
@@ -16,7 +16,7 @@
  */
 package org.apache.catalina.connector;
 
-public class TesterMockRequest extends Request {
+public class TesterRequest extends Request {
     @Override
     public String getScheme() {
         return "http";
@@ -36,4 +36,13 @@ public class TesterMockRequest extends R
     public String getDecodedRequestURI() {
         return "/level1/level2/foo.html";
     }
+
+    private String method;
+    public void setMethod(String method) {
+        this.method = method;
+    }
+    @Override
+    public String getMethod() {
+        return method;
+    }
 }

Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TesterContext.java Thu Dec  5 16:13:30 2013
@@ -19,6 +19,8 @@ package org.apache.catalina.core;
 import java.beans.PropertyChangeListener;
 import java.io.IOException;
 import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
@@ -58,6 +60,7 @@ import org.apache.catalina.deploy.Naming
 import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.util.CharsetMapper;
 import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.InstanceManager;
 import org.apache.tomcat.JarScanner;
 import org.apache.tomcat.util.http.mapper.Mapper;
@@ -67,9 +70,51 @@ import org.apache.tomcat.util.http.mappe
  */
 public class TesterContext implements Context {
 
+    private static final Log log = LogFactory.getLog(TesterContext.class);
+
+    private List<String> securityRoles = new ArrayList<String>();
+    @Override
+    public void addSecurityRole(String role) {
+        securityRoles.add(role);
+    }
+
+    @Override
+    public boolean findSecurityRole(String role) {
+        return securityRoles.contains(role);
+    }
+
+    @Override
+    public String[] findSecurityRoles() {
+        return securityRoles.toArray(new String[securityRoles.size()]);
+    }
+
+    @Override
+    public void removeSecurityRole(String role) {
+        securityRoles.remove(role);
+    }
+
+    private List<SecurityConstraint> securityConstraints =
+            new ArrayList<SecurityConstraint>();
+    @Override
+    public void addConstraint(SecurityConstraint constraint) {
+        securityConstraints.add(constraint);
+    }
+
+    @Override
+    public SecurityConstraint[] findConstraints() {
+        return securityConstraints.toArray(
+                new SecurityConstraint[securityConstraints.size()]);
+    }
+
+    @Override
+    public void removeConstraint(SecurityConstraint constraint) {
+        securityConstraints.remove(constraint);
+    }
+    
+    
     @Override
     public Log getLogger() {
-        return null;
+        return log;
     }
 
     @Override
@@ -641,11 +686,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public void addConstraint(SecurityConstraint constraint) {
-        // NO-OP
-    }
-
-    @Override
     public void addErrorPage(ErrorPage errorPage) {
         // NO-OP
     }
@@ -691,11 +731,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public void addSecurityRole(String role) {
-        // NO-OP
-    }
-
-    @Override
     public void addServletMapping(String pattern, String name) {
         // NO-OP
     }
@@ -742,11 +777,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public SecurityConstraint[] findConstraints() {
-        return null;
-    }
-
-    @Override
     public ErrorPage findErrorPage(int errorCode) {
         return null;
     }
@@ -807,16 +837,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public boolean findSecurityRole(String role) {
-        return false;
-    }
-
-    @Override
-    public String[] findSecurityRoles() {
-        return null;
-    }
-
-    @Override
     public String findServletMapping(String pattern) {
         return null;
     }
@@ -887,11 +907,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public void removeConstraint(SecurityConstraint constraint) {
-        // NO-OP
-    }
-
-    @Override
     public void removeErrorPage(ErrorPage errorPage) {
         // NO-OP
     }
@@ -927,11 +942,6 @@ public class TesterContext implements Co
     }
 
     @Override
-    public void removeSecurityRole(String role) {
-        // NO-OP
-    }
-
-    @Override
     public void removeServletMapping(String pattern) {
         // NO-OP
     }

Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java (from r1548169, tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java&p1=tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java&r1=1548169&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TestRealmBase.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TestRealmBase.java Thu Dec  5 16:13:30 2013
@@ -33,9 +33,9 @@ import org.apache.catalina.connector.Res
 import org.apache.catalina.connector.TesterRequest;
 import org.apache.catalina.connector.TesterResponse;
 import org.apache.catalina.core.TesterContext;
+import org.apache.catalina.deploy.SecurityCollection;
+import org.apache.catalina.deploy.SecurityConstraint;
 import org.apache.catalina.startup.TesterMapRealm;
-import org.apache.tomcat.util.descriptor.web.SecurityCollection;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 
 public class TestRealmBase {
 
@@ -47,7 +47,7 @@ public class TestRealmBase {
     private static final String ROLE2 = "role2";
     private static final String ROLE3 = "role3";
     private static final String ROLE99 = "role99";
-
+    
     // All digested passwords are the digested form of "password"
     private static final String PWD_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99";
     private static final String PWD_SHA = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
@@ -59,6 +59,9 @@ public class TestRealmBase {
     private static final String PWD_SSHA_PREFIX =
             "{SSHA}oFLhvfQVqFykEWu8v1pPE6nN0QRzYWx0dG9wcm90ZWN0cGFzc3dvcmQ=";
 
+    private static final String ROLE_ALL_ROLES="*";
+
+
     @Test
     public void testDigestMD5() throws Exception {
         doTestDigestDigestPasswords(PWD, "MD5", PWD_MD5);
@@ -102,9 +105,9 @@ public class TestRealmBase {
 
     @Test
     public void testUserWithSingleRole() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         // Configure this test
         userRoles.add(ROLE1);
@@ -117,9 +120,9 @@ public class TestRealmBase {
 
     @Test
     public void testUserWithNoRoles() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         // Configure this test
         constraintRoles.add(ROLE1);
@@ -131,14 +134,14 @@ public class TestRealmBase {
 
     @Test
     public void testUserWithSingleRoleAndAllRoles() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         // Configure this test
         userRoles.add(ROLE1);
         applicationRoles.add(ROLE1);
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintRoles.add(ROLE_ALL_ROLES);
 
         doRoleTest(userRoles, constraintRoles, applicationRoles, true);
     }
@@ -146,12 +149,12 @@ public class TestRealmBase {
 
     @Test
     public void testUserWithoutNoRolesAndAllRoles() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         // Configure this test
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE1);
 
         doRoleTest(userRoles, constraintRoles, applicationRoles, false);
@@ -160,66 +163,22 @@ public class TestRealmBase {
 
     @Test
     public void testAllRolesWithNoAppRole() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         // Configure this test
         userRoles.add(ROLE1);
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintRoles.add(ROLE_ALL_ROLES);
 
         doRoleTest(userRoles, constraintRoles, applicationRoles, false);
     }
 
 
     @Test
-    public void testAllAuthenticatedUsers() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        // Configure this test
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
-        doRoleTest(userRoles, constraintRoles, applicationRoles, true);
-    }
-
-
-    @Test
-    public void testAllAuthenticatedUsersAsAppRoleNoUser() throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        // Configure this test
-        userRoles.add(ROLE1);
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        applicationRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
-        doRoleTest(userRoles, constraintRoles, applicationRoles, false);
-    }
-
-
-    @Test
-    public void testAllAuthenticatedUsersAsAppRoleWithUser()
-            throws IOException {
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        // Configure this test
-        userRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        constraintRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        applicationRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-
-        doRoleTest(userRoles, constraintRoles, applicationRoles, true);
-    }
-
-
-    @Test
     public void testNoAuthConstraint() throws IOException {
         // No auth constraint == allow access for all
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         doRoleTest(null, null, applicationRoles, true);
     }
@@ -234,10 +193,10 @@ public class TestRealmBase {
     public void testCombineConstraints01() throws IOException {
         // Allowed roles should be the union of the roles in the constraints
         // User role is in first constraint
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE1);
         constraintOneRoles.add(ROLE1);
@@ -254,10 +213,10 @@ public class TestRealmBase {
     public void testCombineConstraints02() throws IOException {
         // Allowed roles should be the union of the roles in the constraints
         // User role is in last constraint
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE2);
         constraintOneRoles.add(ROLE1);
@@ -274,10 +233,10 @@ public class TestRealmBase {
     public void testCombineConstraints03() throws IOException {
         // Allowed roles should be the union of the roles in the constraints
         // User role is not in any constraint
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE3);
         constraintOneRoles.add(ROLE1);
@@ -295,14 +254,14 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // * is any app role
         // User role is not in any constraint
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE99);
         constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE2);
         applicationRoles.add(ROLE3);
 
@@ -316,14 +275,14 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // * is any app role
         // User role is a non-app constraint role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE1);
         constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE2);
         applicationRoles.add(ROLE3);
 
@@ -337,14 +296,14 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // * is any app role
         // User role is an app role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE2);
         constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE2);
         applicationRoles.add(ROLE3);
 
@@ -358,98 +317,17 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // * is any app role
         // User has no role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
-        applicationRoles.add(ROLE2);
-        applicationRoles.add(ROLE3);
-
-        doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
-                applicationRoles, false);
-    }
-
-
-    @Test
-    public void testCombineConstraints08() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // ** is any authenticated user
-        // User has no role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        applicationRoles.add(ROLE2);
-        applicationRoles.add(ROLE3);
-
-        doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
-                applicationRoles, true);
-    }
-
-
-    @Test
-    public void testCombineConstraints09() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // ** is any authenticated user
-        // User has constraint role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        userRoles.add(ROLE1);
-        constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        applicationRoles.add(ROLE2);
-        applicationRoles.add(ROLE3);
-
-        doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
-                applicationRoles, true);
-    }
-
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
-    @Test
-    public void testCombineConstraints10() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // ** is any authenticated user
-        // User has app role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        userRoles.add(ROLE2);
         constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE2);
         applicationRoles.add(ROLE3);
 
         doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
-                applicationRoles, true);
-    }
-
-
-    @Test
-    public void testCombineConstraints11() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // ** is any authenticated user
-        // User is not authenticated
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        constraintOneRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
-        applicationRoles.add(ROLE2);
-        applicationRoles.add(ROLE3);
-
-        doRoleTest(null, constraintOneRoles, constraintTwoRoles,
                 applicationRoles, false);
     }
 
@@ -459,8 +337,8 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // Constraint without role or implied role permits unauthenticated users
         // User is not authenticated
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         constraintTwoRoles.add(ROLE1);
         applicationRoles.add(ROLE1);
@@ -475,26 +353,10 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // Constraint without role or implied role permits unauthenticated users
         // User is not authenticated
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
-        applicationRoles.add(ROLE1);
-
-        doRoleTest(null, null, constraintTwoRoles,
-                applicationRoles, true);
-    }
-
-
-    @Test
-    public void testCombineConstraints14() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // Constraint without role or implied role permits unauthenticated users
-        // User is not authenticated
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE1);
 
         doRoleTest(null, null, constraintTwoRoles,
@@ -507,10 +369,10 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // Constraint with empty auth section prevents all access
         // User has matching constraint role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE1);
         constraintTwoRoles.add(ROLE1);
@@ -526,32 +388,13 @@ public class TestRealmBase {
         // Allowed roles should be the union of the roles in the constraints
         // Constraint with empty auth section prevents all access
         // User has matching role
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
+        List<String> userRoles = new ArrayList<String>();
+        List<String> constraintOneRoles = new ArrayList<String>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
+        List<String> applicationRoles = new ArrayList<String>();
 
         userRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_ROLES);
-        applicationRoles.add(ROLE1);
-
-        doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
-                applicationRoles, false);
-    }
-
-
-    @Test
-    public void testCombineConstraints17() throws IOException {
-        // Allowed roles should be the union of the roles in the constraints
-        // Constraint with empty auth section prevents all access
-        // User matches all authenticated users
-        List<String> userRoles = new ArrayList<>();
-        List<String> constraintOneRoles = new ArrayList<>();
-        List<String> constraintTwoRoles = new ArrayList<>();
-        List<String> applicationRoles = new ArrayList<>();
-
-        userRoles.add(ROLE1);
-        constraintTwoRoles.add(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
+        constraintTwoRoles.add(ROLE_ALL_ROLES);
         applicationRoles.add(ROLE1);
 
         doRoleTest(userRoles, constraintOneRoles, constraintTwoRoles,
@@ -571,7 +414,7 @@ public class TestRealmBase {
             List<String> constraintRoles, List<String> applicationRoles,
             boolean expected) throws IOException {
 
-        List<String> constraintTwoRoles = new ArrayList<>();
+        List<String> constraintTwoRoles = new ArrayList<String>();
         constraintTwoRoles.add(ROLE99);
         doRoleTest(userRoles, constraintRoles, constraintTwoRoles,
                 applicationRoles, expected);
@@ -591,10 +434,6 @@ public class TestRealmBase {
             constraintOne.setAuthConstraint(true);
             for (String constraintRole : constraintOneRoles) {
                 constraintOne.addAuthRole(constraintRole);
-                if (applicationRoles.contains(
-                        SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
-                    constraintOne.treatAllAuthenticatedUsersAsApplicationRole();
-                }
             }
         }
         SecurityConstraint constraintTwo = new SecurityConstraint();
@@ -602,10 +441,6 @@ public class TestRealmBase {
             constraintTwo.setAuthConstraint(true);
             for (String constraintRole : constraintTwoRoles) {
                 constraintTwo.addAuthRole(constraintRole);
-                if (applicationRoles.contains(
-                        SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)) {
-                    constraintTwo.treatAllAuthenticatedUsersAsApplicationRole();
-                }
             }
         }
         SecurityConstraint[] constraints =
@@ -672,15 +507,15 @@ public class TestRealmBase {
         request.setContext(context);
 
         // Create the principals
-        List<String> userRoles1 = new ArrayList<>();
+        List<String> userRoles1 = new ArrayList<String>();
         userRoles1.add(ROLE1);
         GenericPrincipal gp1 = new GenericPrincipal(USER1, PWD, userRoles1);
 
-        List<String> userRoles2 = new ArrayList<>();
+        List<String> userRoles2 = new ArrayList<String>();
         userRoles2.add(ROLE2);
         GenericPrincipal gp2 = new GenericPrincipal(USER2, PWD, userRoles2);
 
-        List<String> userRoles99 = new ArrayList<>();
+        List<String> userRoles99 = new ArrayList<String>();
         GenericPrincipal gp99 = new GenericPrincipal(USER99, PWD, userRoles99);
 
         // Add the constraints to the context
@@ -748,25 +583,6 @@ public class TestRealmBase {
         Assert.assertFalse(mapRealm.hasResourcePermission(
                 request, response, constraintsPut, null));
 
-        // Any authenticated user should be able to perform a TRACE.
-        request.setMethod("TRACE");
-
-        SecurityConstraint[] constraintsTrace =
-                mapRealm.findSecurityConstraints(request, context);
-
-        request.setUserPrincipal(null);
-        Assert.assertFalse(mapRealm.hasResourcePermission(
-                request, response, constraintsTrace, null));
-        request.setUserPrincipal(gp1);
-        Assert.assertTrue(mapRealm.hasResourcePermission(
-                request, response, constraintsTrace, null));
-        request.setUserPrincipal(gp2);
-        Assert.assertTrue(mapRealm.hasResourcePermission(
-                request, response, constraintsTrace, null));
-        request.setUserPrincipal(gp99);
-        Assert.assertTrue(mapRealm.hasResourcePermission(
-                request, response, constraintsTrace, null));
-
         // Only user1 should be able to perform a DELETE as only that user has
         // role1.
         request.setMethod("DELETE");

Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java (from r1547897, tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java&p1=tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java&r1=1547897&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/realm/TesterServletSecurity01.java Thu Dec  5 16:13:30 2013
@@ -20,16 +20,11 @@ import javax.servlet.annotation.HttpCons
 import javax.servlet.annotation.HttpMethodConstraint;
 import javax.servlet.annotation.ServletSecurity;
 
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-
 @ServletSecurity(value=@HttpConstraint,
         httpMethodConstraints={
                 @HttpMethodConstraint(value="POST",
                         rolesAllowed=TestRealmBase.ROLE1),
-                @HttpMethodConstraint(value="PUT",
-                        rolesAllowed=SecurityConstraint.ROLE_ALL_ROLES),
-                @HttpMethodConstraint(value="TRACE",
-                        rolesAllowed=SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS)})
+                @HttpMethodConstraint(value="PUT", rolesAllowed="*")})
 public class TesterServletSecurity01 {
     // Class is NO-OP. It is only used to 'host' the annotation.
 }

Copied: tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java (from r1547897, tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java)
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java?p2=tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java&p1=tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java&r1=1547897&r2=1548189&rev=1548189&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TesterMapRealm.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/startup/TesterMapRealm.java Thu Dec  5 16:13:30 2013
@@ -30,8 +30,8 @@ import org.apache.catalina.realm.RealmBa
  * passwords.
  */
 public final class TesterMapRealm extends RealmBase {
-    private Map<String,String> users = new HashMap<>();
-    private Map<String,List<String>> roles = new HashMap<>();
+    private Map<String,String> users = new HashMap<String,String>();
+    private Map<String,List<String>> roles = new HashMap<String,List<String>>();
 
     public void addUser(String username, String password) {
         users.put(username, password);
@@ -40,7 +40,7 @@ public final class TesterMapRealm extend
     public void addUserRole(String username, String role) {
         List<String> userRoles = roles.get(username);
         if (userRoles == null) {
-            userRoles = new ArrayList<>();
+            userRoles = new ArrayList<String>();
             roles.put(username, userRoles);
         }
         userRoles.add(role);

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1548189&r1=1548188&r2=1548189&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Dec  5 16:13:30 2013
@@ -193,6 +193,10 @@
         <bug>55804</bug>: If the GSSCredential for the cached Principal expires
         when using SPNEGO authentication, force a re-authentication. (markt)
       </fix>
+      <fix>
+        <bug>55839</bug>: Extend support for digest prefixes {MD5}, {SHA} and
+        {SSHA} to all Realms rather than just the JNDIRealm. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message