svn commit: r894483 - in /tomcat/trunk/java/org/apache/catalina: core/LocalStrings.properties core/StandardContext.java deploy/SecurityCollection.java startup/WebRuleSet.java startup/WebXml.java

Tue, 29 Dec 2009 13:23:32 -0800 

Author: markt
Date: Tue Dec 29 21:21:59 2009
New Revision: 894483

URL: http://svn.apache.org/viewvc?rev=894483&view=rev
Log:
Add support for http-method-omission

Modified:
    tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
    tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
    tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java
    tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java
    tomcat/trunk/java/org/apache/catalina/startup/WebXml.java

Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties Tue Dec 
29 21:21:59 2009
@@ -115,6 +115,7 @@
 standardContext.reloadingFailed=Reloading this Context failed due to previous 
errors
 standardContext.reloadingStarted=Reloading Context with path [{0}] has started
 standardContext.resourcesStart=Error starting static Resources
+standardContext.securityConstraint.mixHttpMethod=It is not permitted to mix 
<http-method> and <http-method-omission> in the same web resource collection
 standardContext.securityConstraint.pattern=Invalid <url-pattern> {0} in 
security constraint
 standardContext.servletMap.name=Servlet mapping specifies an unknown servlet 
name {0}
 standardContext.servletMap.pattern=Invalid <url-pattern> {0} in servlet mapping

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Tue Dec 29 
21:21:59 2009
@@ -2287,6 +2287,11 @@
                          ("standardContext.securityConstraint.pattern",
                           patterns[j]));
             }
+            if (collections[i].findMethods().length > 0 &&
+                    collections[i].findOmittedMethods().length > 0) {
+                throw new IllegalArgumentException(sm.getString(
+                        "standardContext.securityConstraint.mixHttpMethod"));
+            }
         }
 
         // Add this constraint to the set for our web application

Modified: tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java Tue 
Dec 29 21:21:59 2009
@@ -93,12 +93,17 @@
 
 
     /**
-     * The HTTP methods covered by this web resource collection.
+     * The HTTP methods explicitly covered by this web resource collection.
      */
     private String methods[] = new String[0];
 
 
     /**
+     * The HTTP methods explicitly excluded from this web resource collection.
+     */
+    private String omittedMethods[] = new String[0];
+
+    /**
      * The name of this web resource collection.
      */
     private String name = null;
@@ -161,7 +166,8 @@
 
 
     /**
-     * Add an HTTP request method to be part of this web resource collection.
+     * Add an HTTP request method to be explicitly part of this web resource
+     * collection.
      */
     public void addMethod(String method) {
 
@@ -177,6 +183,20 @@
 
 
     /**
+     * Add an HTTP request method to the methods explicitly excluded from this
+     * web resource collection.
+     */
+    public void addOmittedMethod(String method) {
+        if (method == null)
+            return;
+        String results[] = new String[omittedMethods.length + 1];
+        for (int i = 0; i < omittedMethods.length; i++)
+            results[i] = omittedMethods[i];
+        results[omittedMethods.length] = method;
+        omittedMethods = results;
+    }
+
+    /**
      * Add a URL pattern to be part of this web resource collection.
      */
     public void addPattern(String pattern) {
@@ -184,12 +204,12 @@
         if (pattern == null)
             return;
 
-        pattern = RequestUtil.URLDecode(pattern);
+        String decodedPattern = RequestUtil.URLDecode(pattern);
         String results[] = new String[patterns.length + 1];
         for (int i = 0; i < patterns.length; i++) {
             results[i] = patterns[i];
         }
-        results[patterns.length] = pattern;
+        results[patterns.length] = decodedPattern;
         patterns = results;
 
     }
@@ -203,21 +223,29 @@
      */
     public boolean findMethod(String method) {
 
-        if (methods.length == 0)
+        if (methods.length == 0 && omittedMethods.length == 0)
             return (true);
-        for (int i = 0; i < methods.length; i++) {
-            if (methods[i].equals(method))
-                return (true);
+        if (methods.length > 0) {
+            for (int i = 0; i < methods.length; i++) {
+                if (methods[i].equals(method))
+                    return true;
+            }
+            return false;
         }
-        return (false);
-
+        if (omittedMethods.length > 0) {
+            for (int i = 0; i < omittedMethods.length; i++) {
+                if (omittedMethods[i].equals(method))
+                    return false;
+            }
+        }
+        return true;
     }
 
 
     /**
      * Return the set of HTTP request methods that are part of this web
-     * resource collection, or a zero-length array if all request methods
-     * are included.
+     * resource collection, or a zero-length array if no methods have been
+     * explicitly included.
      */
     public String[] findMethods() {
 
@@ -227,6 +255,18 @@
 
 
     /**
+     * Return the set of HTTP request methods that are explicitly excluded from
+     * this web resource collection, or a zero-length array if no request
+     * methods are excluded.
+     */
+    public String[] findOmittedMethods() {
+
+        return (omittedMethods);
+
+    }
+
+
+    /**
      * Is the specified pattern part of this web resource collection?
      *
      * @param pattern Pattern to be compared
@@ -285,6 +325,36 @@
 
 
     /**
+     * Remove the specified HTTP request method from those that are explicitly
+     * excluded from this web resource collection.
+     *
+     * @param method Request method to be removed
+     */
+    public void removeOmittedMethod(String method) {
+
+        if (method == null)
+            return;
+        int n = -1;
+        for (int i = 0; i < omittedMethods.length; i++) {
+            if (omittedMethods[i].equals(method)) {
+                n = i;
+                break;
+            }
+        }
+        if (n >= 0) {
+            int j = 0;
+            String results[] = new String[omittedMethods.length - 1];
+            for (int i = 0; i < omittedMethods.length; i++) {
+                if (i != n)
+                    results[j++] = omittedMethods[i];
+            }
+            omittedMethods = results;
+        }
+
+    }
+
+
+    /**
      * Remove the specified URL pattern from those that are part of this
      * web resource collection.
      *

Modified: tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java Tue Dec 29 
21:21:59 2009
@@ -337,6 +337,8 @@
                             "org.apache.catalina.deploy.SecurityCollection");
         digester.addCallMethod(fullPrefix + 
"/security-constraint/web-resource-collection/http-method",
                                "addMethod", 0);
+        digester.addCallMethod(fullPrefix + 
"/security-constraint/web-resource-collection/http-method-omission",
+                               "addOmittedMethod", 0);
         digester.addCallMethod(fullPrefix + 
"/security-constraint/web-resource-collection/url-pattern",
                                "addPattern", 0);
         digester.addCallMethod(fullPrefix + 
"/security-constraint/web-resource-collection/web-resource-name",

Modified: tomcat/trunk/java/org/apache/catalina/startup/WebXml.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/WebXml.java?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/startup/WebXml.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/WebXml.java Tue Dec 29 
21:21:59 2009
@@ -734,6 +734,9 @@
                 for (String method : collection.findMethods()) {
                     appendElement(sb, INDENT6, "http-method", method);
                 }
+                for (String method : collection.findOmittedMethods()) {
+                    appendElement(sb, INDENT6, "http-method-omission", method);
+                }
                 sb.append("    </web-resource-collection>\n");
             }
             if (constraint.findAuthRoles().length > 0) {



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to