There's a new MR for the jacc spec and one of the changes is related
to something we've already tried to solve for dealing with the pluto
console urls which sometimes have colons in them for instance when a
jdbc url is in a query parameter in the url..
Here's the text of the spec change:
The name of the permission checked in a transport or pre-dispatch
decision must
be the unqualified request URI minus the context path. All colon
characters
occurring within the name must be represented using escaped encoding1.
Here's our current code:
static String encodeColons(HttpServletRequest request) {
String result = request.getServletPath() +
(request.getPathInfo() == null ? "" : request.getPathInfo());
if (result.indexOf("%3A") > -1) result =
result.replaceAll("%3A", "%3A%3A");
if (result.indexOf(":") > -1) result = result.replaceAll(":",
"%3A");
return result;
}
I think that we are being over-enthusiastic and should leave out the
doubling of a pre-encoded colon:
static String encodeColons(HttpServletRequest request) {
String result = request.getServletPath() +
(request.getPathInfo() == null ? "" : request.getPathInfo());
if (result.indexOf(":") > -1) result = result.replaceAll(":",
"%3A");
return result;
}
Does this seem right?
thanks
david jencks
