cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java

2001-04-17 Thread nacho

nacho   01/04/17 03:43:58

  Modified:src/share/org/apache/tomcat/request Tag: tomcat_32
SimpleRealm.java JDBCRealm.java
   src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
  Log:
  * Security problems with getUserPrincipal,
  an unauthenticated request got the roles
  from the last successful auth ..
  
  * security-role-ref not correctly honored
  
  Submitted by : Thom Park (tpar at borland.com)
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.5.2.2   +1 -0  
jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/SimpleRealm.java
  
  Index: SimpleRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/SimpleRealm.java,v
  retrieving revision 1.5.2.1
  retrieving revision 1.5.2.2
  diff -u -r1.5.2.1 -r1.5.2.2
  --- SimpleRealm.java  2000/10/17 23:36:24 1.5.2.1
  +++ SimpleRealm.java  2001/04/17 10:43:41 1.5.2.2
  @@ -133,6 +133,7 @@
if( memoryRealm.checkPassword( user, password ) ) {
if( debug  0 ) log( "Auth ok, user=" + user );
req.setRemoteUser( user );
  +req.setUserPrincipal(new SimplePrincipal(user));
   Context ctx = req.getContext();
   if (ctx != null)
   req.setAuthType(ctx.getAuthMethod());
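Review bot: The added `req.setUserPrincipal(new SimplePrincipal(user));` must from now on accompany every `req.setRemoteUser( user )`, because the RequestImpl.getUserPrincipal() hunk in this commit stops creating the principal on demand. The same line is added in the JDBCRealm hunk. Any other code that sets the remote user without the principal (none is visible in this diff) would leave getUserPrincipal() returning null for an authenticated request. Moving both assignments behind one request-side setter, or adding a comment such as `// remoteUser and principal must always be set together` above the pair, would make the invariant explicit. The enclosing method starts and ends outside the hunk.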
  
  
  
  1.9.2.9   +1 -0  
jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/JDBCRealm.java
  
  Index: JDBCRealm.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/JDBCRealm.java,v
  retrieving revision 1.9.2.8
  retrieving revision 1.9.2.9
  diff -u -r1.9.2.8 -r1.9.2.9
  --- JDBCRealm.java2001/02/23 22:07:55 1.9.2.8
  +++ JDBCRealm.java2001/04/17 10:43:43 1.9.2.9
  @@ -453,6 +453,7 @@
   if ( authenticate( user, password ) ) {
   if( debug  0 ) log( "Auth ok, user=" + user );
   req.setRemoteUser( user );
  +req.setUserPrincipal(new SimplePrincipal(user));
   Context ctx = req.getContext();
   if (ctx != null)
   req.setAuthType(ctx.getAuthMethod());
  
  
  
  No   revision
  
  
  No   revision
  
  
  1.52.2.8  +28 -11
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
  
  Index: RequestImpl.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
  retrieving revision 1.52.2.7
  retrieving revision 1.52.2.8
  diff -u -r1.52.2.7 -r1.52.2.8
  --- RequestImpl.java  2001/03/15 19:00:37 1.52.2.7
  +++ RequestImpl.java  2001/04/17 10:43:52 1.52.2.8
  @@ -357,9 +357,6 @@
*/
   public Principal getUserPrincipal() {
if( getRemoteUser() == null ) return null;
  - if( principal == null ) {
  - principal=new SimplePrincipal( getRemoteUser() );
  - }
return principal;
   }
   
  @@ -380,15 +377,35 @@
   }
   
   public boolean isUserInRole(String role) {
  - //  if (userRoles != null) {
  - //  if( SecurityTools.haveRole( role, userRoles ))
  - //  return true;
  - //  }
  - String checkRoles[]=new String[1];
  - checkRoles[0]=role;
  - int status=contextM.doAuthorize(this, response, checkRoles);
  - return status==0;
  +
  +String checkRoles[]=new String[1];
  +
  +// get the servletWrapper...
  +if ( handler != null ) {
  +// lookup the alias
  +String mappedRole = handler.getSecurityRole(role);
  +if ( mappedRole != null ) {
  +// use translated role
  +checkRoles[0] = mappedRole;
  +} else {
  +  /* XXX
  +   * no alias found - technically we should return false however
  +   * to maintain backwards compatability with earlier tomcat's
  +   * preserver the existing behavior and do a lookup
  +   * using the actual rolename passed to us
  +   */
  +checkRoles[0] = role;
  +}
  +} else {
  +/* XXX servletWrapper is null -
  + * this shouldn't happen but setup for the lookup anyway
  + */
  +checkRoles[0] = role;
  +}
  +int status=contextM.doAuthorize(this, response, checkRoles);
  +return status==0;
   }
  +
   
   public String getServletPath() {
   return servletPath;
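Review bot: The `else` branch that falls back to `checkRoles[0] = role` when `handler.getSecurityRole(role)` returns null still checks an unmapped role name against the real role names, which the XXX comment itself flags as not the strict behaviour. That keeps older applications working, but the security-role-ref mapping is then advisory rather than enforced. Consider logging when the fallback is taken so deployments that rely on it can be found, and stating the fallback in the method's Javadoc. The three identical assignments can also collapse to `String mapped = (handler != null) ? handler.getSecurityRole(role) : null;` followed by `checkRoles[0] = (mapped != null) ? mapped : role;`. The comments refer to servletWrapper while the field is named `handler`, and "compatability" and "preserver" are misspelled.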
  
  
  



cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java

2001-03-15 Thread marcsaeg

marcsaeg01/03/15 11:00:42

  Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
  Log:
  The servlet path and path info were being stored in their URL encoded
  form which violates the servlet spec.
  
  According to the Servlet 2.2 API specification errata dated 4/27/2000,
  the servlet path, path info and path translated values (i.e.
  getServletPath(), getPathInfo() and getPathTranslated()) should return
  decoded values.
  
  For example
  
 http://localhost/space+test.html
  
  should return a servlet path of
  
/space test.html
  
  and
 http://localhost/servlet/SnoopServlet/path%20info
  
  should return a path info of
  
 /path info
  
  PR: 657/Bugzilla 369
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.52.2.7  +14 -2 
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
  
  Index: RequestImpl.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
  retrieving revision 1.52.2.6
  retrieving revision 1.52.2.7
  diff -u -r1.52.2.6 -r1.52.2.7
  --- RequestImpl.java  2001/03/06 01:09:51 1.52.2.6
  +++ RequestImpl.java  2001/03/15 19:00:37 1.52.2.7
  @@ -573,7 +573,13 @@
   
   
   public void setPathInfo(String pathInfo) {
  -this.pathInfo = pathInfo;
  +try{
  +this.pathInfo = RequestUtil.URLDecode(pathInfo);
  +}catch(Exception e){
  +if(contextM != null)
  +contextM.log("RequestImpl.setPathInfo: Unable to decode pathInfo, 
using encoded version.  pathInfo = " + pathInfo);
  +this.pathInfo = pathInfo;
  +}
   }
   
   /** Set query string - will be called by forward
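Review bot: On a decode failure the `catch` in setPathInfo stores the still-encoded `pathInfo`, so the field holds decoded text for well-formed requests and raw text for malformed ones, and later code that compares or maps the path cannot tell which it has. Rejecting the request or storing null would be a safer failure mode than silently keeping the raw value; if the fallback stays, the exception itself should be logged, since `e` is currently dropped. The `catch(Exception e)` is broader than needed, and the message writes the request-supplied path into the log unmodified, so line breaks in it should be escaped first. The setServletPath hunk below has the same pattern. Because both setters now decode unconditionally, a caller passing an already decoded value (whether one exists is not visible here) would have it decoded twice; a comment such as `// expects the raw, still URL-encoded value` on both setters would pin the contract.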
  @@ -585,7 +591,13 @@
   }
   
   public void setServletPath(String servletPath) {
  - this.servletPath = servletPath;
  +try{
  +this.servletPath = RequestUtil.URLDecode(servletPath);
  +}catch(Exception e){
  +if(contextM != null)
  +contextM.log("RequestImpl.setServletPath: Unable to decode servlet 
path, using encoded version.  path = " + servletPath);
  +this.servletPath = servletPath;
  +}
   }
   
   
  
  
  



cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java

2001-01-12 Thread nacho

nacho   01/01/12 17:08:27

  Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
  Log:
  Bug Report #757
  User Principal incorrectly Maintained
  Submitted by  David Winterfeldt ( [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] )
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.52.2.5  +1 -1  
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
  
  Index: RequestImpl.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
  retrieving revision 1.52.2.4
  retrieving revision 1.52.2.5
  diff -u -r1.52.2.4 -r1.52.2.5
  --- RequestImpl.java  2000/11/21 02:39:06 1.52.2.4
  +++ RequestImpl.java  2001/01/13 01:08:27 1.52.2.5
  @@ -726,7 +726,6 @@
   pathInfo=null;
   pathTranslatedIsSet=false;
   sessionIdSource = null;
  -
   // XXX a request need to override those if it cares
   // about security
   remoteAddr="127.0.0.1";
  @@ -741,6 +740,7 @@
   notAuthenticated=true;
userRoles=null;
reqRoles=null;
  +principal=null;
   }
   
   //  End utils
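Review bot: The new `principal=null;` joins a list of per-field resets, and nothing in the hunk marks which of them are security state that must never survive into the next request served by this recycled object. A short comment above the group, for example `// authentication state: must be cleared on every recycle`, would remind whoever adds the next auth-related field to reset it here as well. The enclosing method starts outside the hunk, so whether the remote user is reset alongside is not visible.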
  
  
  





cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core RequestImpl.java

2000-11-20 Thread craigmcc

craigmcc00/11/20 18:39:07

  Modified:src/share/org/apache/tomcat/core Tag: tomcat_32
RequestImpl.java
  Log:
  Lightly refactor the initialization and recycling code to make it easier to
  subclass this class in an embedded environment.  Should have zero impact on
  usage in standard Tomcat.
  
  Submitted by: Shawn McMurdo [EMAIL PROTECTED]
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.52.2.4  +10 -7 
jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java
  
  Index: RequestImpl.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Attic/RequestImpl.java,v
  retrieving revision 1.52.2.3
  retrieving revision 1.52.2.4
  diff -u -r1.52.2.3 -r1.52.2.4
  --- RequestImpl.java  2000/11/10 02:50:01 1.52.2.3
  +++ RequestImpl.java  2000/11/21 02:39:06 1.52.2.4
  @@ -167,7 +167,7 @@
   public RequestImpl() {
//  System.out.println("XXX new ri " );
headers = new MimeHeaders();
  - recycle(); // XXX need better placement-super()
  + initRequest();
   }
   
   public void setContext(Context context) {
  @@ -694,12 +694,7 @@
}
   }
   
  -//  End utils
  -public void recycle() {
  -if( requestFacade != null  context!=null ) {
  -context.getFacadeManager().recycle(this);
  -}
  -
  +private void initRequest() {
   context = null;
   attributes.clear();
   parameters.clear();
  @@ -746,6 +741,14 @@
   notAuthenticated=true;
userRoles=null;
reqRoles=null;
  +}
  +
  +//  End utils
  +public void recycle() {
  +if( requestFacade != null  context != null ) {
  + context.getFacadeManager().recycle(this);
  + }
  + initRequest();
   }
   
   public MimeHeaders getMimeHeaders() {
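Review bot: In the new `recycle()`, `initRequest()` runs only if `context.getFacadeManager().recycle(this)` returns normally, so an exception from the facade manager would leave the previous request's state, including `userRoles` and `reqRoles`, on an object that may be reused. Whether that call can throw is not visible here, but wrapping it as `try { context.getFacadeManager().recycle(this); } finally { initRequest(); }` inside the existing `if`, with a plain `initRequest();` in the other case, makes the reset unconditional. A one-line comment on `initRequest()` saying that it is private so the constructor never calls an overridable method would also record why the split was made.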