cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java
nacho 01/04/17 03:43:58 Modified:src/share/org/apache/tomcat/request Tag: tomcat_32 SimpleRealm.java JDBCRealm.java src/share/org/apache/tomcat/core Tag: tomcat_32 RequestImpl.java Log: * Security problems with getUserPrincipal, a not authenticated request got the roles from the last succesful auth .. * security-role-ref no correctly honored Submitted by : Thom Park (tpar at borland.com) Revision ChangesPath No revision No revision 1.5.2.2 +1 -0 jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/SimpleRealm.java Index: SimpleRealm.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/SimpleRealm.java,v retrieving revision 1.5.2.1 retrieving revision 1.5.2.2 diff -u -r1.5.2.1 -r1.5.2.2 --- SimpleRealm.java 2000/10/17 23:36:24 1.5.2.1 +++ SimpleRealm.java 2001/04/17 10:43:41 1.5.2.2 @@ -133,6 +133,7 @@ if( memoryRealm.checkPassword( user, password ) ) { if( debug 0 ) log( "Auth ok, user=" + user ); req.setRemoteUser( user ); +req.setUserPrincipal(new SimplePrincipal(user)); Context ctx = req.getContext(); if (ctx != null) req.setAuthType(ctx.getAuthMethod()); 1.9.2.9 +1 -0 jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/JDBCRealm.java Index: JDBCRealm.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/JDBCRealm.java,v retrieving revision 1.9.2.8 retrieving revision 1.9.2.9 diff -u -r1.9.2.8 -r1.9.2.9 --- JDBCRealm.java2001/02/23 22:07:55 1.9.2.8 +++ JDBCRealm.java2001/04/17 10:43:43 1.9.2.9 
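Review bot: After this change the principal is populated only by the realm that authenticated the request, so any other authentication path that calls just `req.setRemoteUser( user )` would leave `getUserPrincipal()` returning null for an authenticated user, because the same commit removes the lazy `new SimplePrincipal( getRemoteUser() )` from RequestImpl. The same one-line addition appears in the JDBCRealm hunk at -453,6 +453,7 and the point applies there too. I would add a comment above the new line, `// remote user and principal must always be set together; RequestImpl no longer derives one from the other`, and check whether any other interceptor (not visible here) sets the remote user on its own. The enclosing method starts and ends outside the hunk.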
@@ -453,6 +453,7 @@ if ( authenticate( user, password ) ) { if( debug 0 ) log( "Auth ok, user=" + user ); req.setRemoteUser( user ); +req.setUserPrincipal(new SimplePrincipal(user)); Context ctx = req.getContext(); if (ctx != null) req.setAuthType(ctx.getAuthMethod()); No revision No revision 1.52.2.8 +28 -11 jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java Index: RequestImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v retrieving revision 1.52.2.7 retrieving revision 1.52.2.8 diff -u -r1.52.2.7 -r1.52.2.8 --- RequestImpl.java 2001/03/15 19:00:37 1.52.2.7 +++ RequestImpl.java 2001/04/17 10:43:52 1.52.2.8 @@ -357,9 +357,6 @@ */ public Principal getUserPrincipal() { if( getRemoteUser() == null ) return null; - if( principal == null ) { - principal=new SimplePrincipal( getRemoteUser() ); - } return principal; } 
@@ -380,15 +377,35 @@ } public boolean isUserInRole(String role) { - // if (userRoles != null) { - // if( SecurityTools.haveRole( role, userRoles )) - // return true; - // } - String checkRoles[]=new String[1]; - checkRoles[0]=role; - int status=contextM.doAuthorize(this, response, checkRoles); - return status==0; + +String checkRoles[]=new String[1]; + +// get the servletWrapper... +if ( handler != null ) { +// lookup the alias +String mappedRole = handler.getSecurityRole(role); +if ( mappedRole != null ) { +// use translated role +checkRoles[0] = mappedRole; +} else { + /* XXX + * no alias found - technically we should return false however + * to maintain backwards compatability with earlier tomcat's + * preserver the existing behavior and do a lookup + * using the actual rolename passed to us + */ +checkRoles[0] = role; +} +} else { +/* XXX servletWrapper is null - + * this shouldn't happen but setup for the lookup anyway + */ +checkRoles[0] = role; +} +int status=contextM.doAuthorize(this, response, checkRoles); +return status==0; } + public String getServletPath() { return servletPath;
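Review bot: When `handler.getSecurityRole(role)` finds no alias, the new isUserInRole still authorizes against the raw role name, which the added XXX comment itself says should return false; a servlet with no matching security-role-ref therefore keeps matching real role names, so the mapping is not enforced. If the fallback has to stay for compatibility, it should at least be logged so deployments can find the missing role-ref entries, for example `contextM.log("isUserInRole: no security-role-ref for " + role + ", using role name as is");` in the inner else branch. The two branches that assign `checkRoles[0] = role` could also be collapsed by assigning `checkRoles[0] = role` once and overwriting it only when `mappedRole != null`.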
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java
marcsaeg01/03/15 11:00:42 Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 RequestImpl.java Log: The servlet path and path info were being stored in their URL encoded form which violates the servlet spec. According to the Servlet 2.2 API specification errata dated 4/27/2000, the servlet path, path info and path translated values (i.e. getServletPath(), getPathInfo() and getPathTranslated()) should return decoded values. For example http://localhost/space+test.html should return a servlet path of /space test.html and http://localhost/servlet/SnoopServlet/path%20info should return a path info of /path info PR: 657/Bugzilla 369 Revision ChangesPath No revision No revision 1.52.2.7 +14 -2 jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java Index: RequestImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v retrieving revision 1.52.2.6 retrieving revision 1.52.2.7 diff -u -r1.52.2.6 -r1.52.2.7 --- RequestImpl.java 2001/03/06 01:09:51 1.52.2.6 +++ RequestImpl.java 2001/03/15 19:00:37 1.52.2.7 @@ -573,7 +573,13 @@ public void setPathInfo(String pathInfo) { -this.pathInfo = pathInfo; +try{ +this.pathInfo = RequestUtil.URLDecode(pathInfo); +}catch(Exception e){ +if(contextM != null) +contextM.log("RequestImpl.setPathInfo: Unable to decode pathInfo, using encoded version. pathInfo = " + pathInfo); +this.pathInfo = pathInfo; +} } /** Set query string - will be called by forward @@ -585,7 +591,13 @@ } public void setServletPath(String servletPath) { - this.servletPath = servletPath; +try{ +this.servletPath = RequestUtil.URLDecode(servletPath); +}catch(Exception e){ +if(contextM != null) +contextM.log("RequestImpl.setServletPath: Unable to decode servlet path, using encoded version. path = " + servletPath); +this.servletPath = servletPath; +} }
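Review bot: On a decode failure the catch block in setPathInfo stores the still-encoded value and lets the request continue, so a path with a malformed escape sequence is handled in a different form from every other path; anything that later matches on getPathInfo() or getServletPath() (security constraints, servlet mapping, neither visible here) would see the raw string. The setServletPath hunk at -585,7 +591,13 has the same fallback. `catch(Exception e)` also discards the exception, and the log line writes the request-supplied path unmodified; I would narrow the catch to what `RequestUtil.URLDecode` actually throws and include `e` in the message. Because decoding now happens in the setter, it is worth confirming that no caller passes an already-decoded value, otherwise input such as `%2541` would be decoded twice.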
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java
nacho 01/01/12 17:08:27 Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 RequestImpl.java Log: Bug Report #757 User Principal incorrectly Maintained Submitted by David Winterfeldt ( [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ) Revision ChangesPath No revision No revision 1.52.2.5 +1 -1 jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java Index: RequestImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v retrieving revision 1.52.2.4 retrieving revision 1.52.2.5 diff -u -r1.52.2.4 -r1.52.2.5 --- RequestImpl.java 2000/11/21 02:39:06 1.52.2.4 +++ RequestImpl.java 2001/01/13 01:08:27 1.52.2.5 @@ -726,7 +726,6 @@ pathInfo=null; pathTranslatedIsSet=false; sessionIdSource = null; - // XXX a request need to override those if it cares // about security remoteAddr="127.0.0.1"; @@ -741,6 +740,7 @@ notAuthenticated=true; userRoles=null; reqRoles=null; +principal=null; } // End utils - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
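Review bot: The reset of per-request identity is a hand-maintained list, and this bug came from one field missing from it. The visible context clears `notAuthenticated`, `userRoles`, `reqRoles` and now `principal`, but whether `remoteUser` and `authType` are cleared lies in the part of recycle() outside the hunk and should be confirmed. I would group the assignments under a comment such as `// authentication state: every field here must be reset, or a pooled request leaks the previous user's identity`. The method starts outside the hunk.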
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java
craigmcc00/11/20 18:39:07 Modified:src/share/org/apache/tomcat/core Tag: tomcat_32 RequestImpl.java Log: Lightly refactor the initialization and recycling code to make it easier to subclass this class in an embedded environment. Should have zero impact on usage in standard Tomcat. Submitted by: Shawn McMurdo [EMAIL PROTECTED] Revision ChangesPath No revision No revision 1.52.2.4 +10 -7 jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java Index: RequestImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v retrieving revision 1.52.2.3 retrieving revision 1.52.2.4 diff -u -r1.52.2.3 -r1.52.2.4 --- RequestImpl.java 2000/11/10 02:50:01 1.52.2.3 +++ RequestImpl.java 2000/11/21 02:39:06 1.52.2.4 @@ -167,7 +167,7 @@ public RequestImpl() { // System.out.println("XXX new ri " ); headers = new MimeHeaders(); - recycle(); // XXX need better placement-super() + initRequest(); } public void setContext(Context context) { @@ -694,12 +694,7 @@ } } -// End utils -public void recycle() { -if( requestFacade != null context!=null ) { -context.getFacadeManager().recycle(this); -} - +private void initRequest() { context = null; attributes.clear(); parameters.clear(); @@ -746,6 +741,14 @@ notAuthenticated=true; userRoles=null; reqRoles=null; +} + +// End utils +public void recycle() { +if( requestFacade != null context != null ) { + context.getFacadeManager().recycle(this); + } + initRequest(); } public MimeHeaders getMimeHeaders() {
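Review bot: recycle() stays public and overridable while the actual field reset moves into the private initRequest(), so a subclass that overrides recycle() without calling `super.recycle()` would skip the reset of `notAuthenticated`, `userRoles` and `reqRoles` and carry them into the next request. Since the stated goal is easier subclassing, the new recycle() should get a Javadoc line saying so, for example `/** Subclasses that override this must call super.recycle(); it clears per-request authentication state. */`. Calling the private initRequest() from the constructor instead of the overridable recycle() is the right direction and needs no change.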