Author: markt Date: Fri Mar 3 14:24:16 2017 New Revision: 1785310 URL: http://svn.apache.org/viewvc?rev=1785310&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60469 Refactor RealmBase for better code re-use when implementing Realms that use a custom Principal.
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1785310&r1=1785309&r2=1785310&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Fri Mar 3 14:24:16 2017 @@ -913,30 +913,32 @@ public abstract class RealmBase extends /** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return - * <code>false</code>. This method can be overridden by Realm - * implementations, but the default is adequate when an instance of - * <code>GenericPrincipal</code> is used to represent authenticated - * Principals from this Realm. + * <code>false</code>. This method or {@link #hasRoleInternal(Principal, + * String)} can be overridden by Realm implementations, but the default is + * adequate when an instance of <code>GenericPrincipal</code> is used to + * represent authenticated Principals from this Realm. * + * @param wrapper The servlet to which the current request is mapped * @param principal Principal for whom the role is to be checked - * @param role Security role to be checked + * @param role Security role to be checked */ @Override public boolean hasRole(Wrapper wrapper, Principal principal, String role) { // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); - if (realRole != null) + if (realRole != null) { role = realRole; + } } // Should be overridden in JAASRealm - to avoid pretty inefficient conversions - if ((principal == null) || (role == null) || - !(principal instanceof GenericPrincipal)) + if (principal == null || role == null) { return false; + } + + boolean result = hasRoleInternal(principal, role); - GenericPrincipal gp = (GenericPrincipal) principal; - boolean result = gp.hasRole(role); if (log.isDebugEnabled()) { String name = principal.getName(); if (result) @@ -944,8 +946,30 @@ public abstract class RealmBase extends else log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); } - return (result); + return result; + } + + + /** + * Return <code>true</code> if the specified Principal has the specified + * security role, within the context of this Realm; otherwise return + * <code>false</code>. This method or {@link #hasRoleInternal(Principal, + * String)} can be overridden by Realm implementations, but the default is + * adequate when an instance of <code>GenericPrincipal</code> is used to + * represent authenticated Principals from this Realm. + * + * @param principal Principal for whom the role is to be checked + * @param role Security role to be checked + */ + protected boolean hasRoleInternal(Principal principal, String role) { + // Should be overridden in JAASRealm - to avoid pretty inefficient conversions + if (!(principal instanceof GenericPrincipal)) { + return false; + } + + GenericPrincipal gp = (GenericPrincipal) principal; + return gp.hasRole(role); } Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1785310&r1=1785309&r2=1785310&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Mar 3 14:24:16 2017 @@ -48,6 +48,11 @@ <subsection name="Catalina"> <changelog> <fix> + <bug>60469</bug>: Refactor <code>RealmBase</code> for better code re-use + when implementing Realms that use a custom <code>Principal</code>. + (markt) + </fix> + <fix> <bug>60490</bug>: Various formatting and layout improvements for the <code>ErrorReportValve</code>. Patch provided by Michael Osipov. (markt) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org