Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id CF077200C2C for ; Fri, 3 Mar 2017 15:24:19 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id CD9E0160B6D; Fri, 3 Mar 2017 14:24:19 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 23C71160B57 for ; Fri, 3 Mar 2017 15:24:18 +0100 (CET) Received: (qmail 36308 invoked by uid 500); 3 Mar 2017 14:24:18 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 36298 invoked by uid 99); 3 Mar 2017 14:24:18 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Mar 2017 14:24:18 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 3A5E03A086E for ; Fri, 3 Mar 2017 14:24:17 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1785310 - in /tomcat/trunk: java/org/apache/catalina/realm/RealmBase.java webapps/docs/changelog.xml Date: Fri, 03 Mar 2017 14:24:16 -0000 To: dev@tomcat.apache.org From: markt@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170303142417.3A5E03A086E@svn01-us-west.apache.org> archived-at: Fri, 03 Mar 2017 14:24:20 -0000 Author: markt Date: Fri Mar 3 14:24:16 2017 New Revision: 1785310 URL: http://svn.apache.org/viewvc?rev=1785310&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60469 Refactor RealmBase for better code re-use when implementing Realms that use a custom Principal. Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1785310&r1=1785309&r2=1785310&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Fri Mar 3 14:24:16 2017 @@ -913,30 +913,32 @@ public abstract class RealmBase extends /** * Return true if the specified Principal has the specified * security role, within the context of this Realm; otherwise return - * false. This method can be overridden by Realm - * implementations, but the default is adequate when an instance of - * GenericPrincipal is used to represent authenticated - * Principals from this Realm. + * false. This method or {@link #hasRoleInternal(Principal, + * String)} can be overridden by Realm implementations, but the default is + * adequate when an instance of GenericPrincipal is used to + * represent authenticated Principals from this Realm. * + * @param wrapper The servlet to which the current request is mapped * @param principal Principal for whom the role is to be checked - * @param role Security role to be checked + * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); - if (realRole != null) + if (realRole != null) { role = realRole; + } } // Should be overridden in JAASRealm - to avoid pretty inefficient conversions - if ((principal == null) || (role == null) || - !(principal instanceof GenericPrincipal)) + if (principal == null || role == null) { return false; + } + + boolean result = hasRoleInternal(principal, role); - GenericPrincipal gp = (GenericPrincipal) principal; - boolean result = gp.hasRole(role); if (log.isDebugEnabled()) { String name = principal.getName(); if (result) @@ -944,8 +946,30 @@ public abstract class RealmBase extends else log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); } - return (result); + return result; + } + + + /** + * Return true if the specified Principal has the specified + * security role, within the context of this Realm; otherwise return + * false. This method or {@link #hasRoleInternal(Principal, + * String)} can be overridden by Realm implementations, but the default is + * adequate when an instance of GenericPrincipal is used to + * represent authenticated Principals from this Realm. + * + * @param principal Principal for whom the role is to be checked + * @param role Security role to be checked + */ + protected boolean hasRoleInternal(Principal principal, String role) { + // Should be overridden in JAASRealm - to avoid pretty inefficient conversions + if (!(principal instanceof GenericPrincipal)) { + return false; + } + + GenericPrincipal gp = (GenericPrincipal) principal; + return gp.hasRole(role); } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1785310&r1=1785309&r2=1785310&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Mar 3 14:24:16 2017 @@ -48,6 +48,11 @@ + 60469: Refactor RealmBase for better code re-use + when implementing Realms that use a custom Principal. + (markt) + + 60490: Various formatting and layout improvements for the ErrorReportValve. Patch provided by Michael Osipov. (markt) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org