billbarker 2003/12/11 22:16:18
Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Getting back to strict compliance with the Spec for AAA.
My last patch included and illegal optimization (check methods before checking
path). Now methods are correctly checked after the path has been checked.
Also including some of Remy's optimizations from the Filter mapping code.
This doesn't include Phillepe's idea of caching the mappings. This is largely
because the submitted patch is broken (it assumes that the Realm is configured at the
Context level), but I like the idea. I'd like to add a config switch to cache
security-constraint mapping (defaulting to what the list's opinions are).
Revision Changes Path
1.21 +69 -64
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index: RealmBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- RealmBase.java 11 Dec 2003 05:50:39 -0000 1.20
+++ RealmBase.java 12 Dec 2003 06:16:18 -0000 1.21
@@ -464,18 +464,20 @@
String method = hreq.getMethod();
int i;
+ boolean found = false;
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
-
+
if (log.isDebugEnabled())
log.debug(" Checking constraint '" + constraints[i] +
"' against " + method + " " + uri + " --> " +
constraints[i].included(uri, method));
for(int j=0; j < collection.length; j++){
- if(collection[j].findMethod(method)) {
- String [] patterns = collection[j].findPatterns();
- for(int k=0; k < patterns.length; k++) {
- if(uri.equals(patterns[k])) {
+ String [] patterns = collection[j].findPatterns();
+ for(int k=0; k < patterns.length; k++) {
+ if(uri.equals(patterns[k])) {
+ found = true;
+ if(collection[j].findMethod(method)) {
if(results == null) {
results = new ArrayList();
}
@@ -484,15 +486,12 @@
}
}
}
- }
- if(results != null) {
+ }
+ if(found) {
return resultsToArray(results);
}
int longest = -1;
- String testURI = uri;
- if(uri.endsWith("/")) {
- testURI = uri.substring(0,uri.length()-1);
- }
+
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
@@ -501,37 +500,44 @@
"' against " + method + " " + uri + " --> " +
constraints[i].included(uri, method));
for(int j=0; j < collection.length; j++){
- if(collection[j].findMethod(method)) {
- String [] patterns = collection[j].findPatterns();
- boolean matched = false;
- int length = -1;
- for(int k=0; k < patterns.length; k++) {
- String pattern = patterns[j];
- if(pattern.startsWith("/") && pattern.endsWith("/*") &&
- pattern.length() >= longest) {
+ String [] patterns = collection[j].findPatterns();
+ boolean matched = false;
+ int length = -1;
+ for(int k=0; k < patterns.length; k++) {
+ String pattern = patterns[j];
+ if(pattern.startsWith("/") && pattern.endsWith("/*") &&
+ pattern.length() >= longest) {
- if(pattern.length() == 0) {
- matched = true;
- length = pattern.length();
- } else if(testURI.startsWith(pattern)) {
- matched = true;
- length = pattern.length();
- }
+ if(pattern.length() == 2) {
+ matched = true;
+ length = pattern.length();
+ } else if(pattern.regionMatches(0,uri,0,
+ pattern.length()-2)) {
+ matched = true;
+ length = pattern.length();
}
}
- if(matched) {
+ }
+ if(matched) {
+ found = true;
+ if(length > longest) {
+ if(results != null) {
+ results.clear();
+ }
+ longest = length;
+ }
+ if(collection[j].findMethod(method)) {
if(results == null) {
results = new ArrayList();
- } else if(length > longest) {
- results.clear();
- longest = length;
}
results.add(constraints[i]);
- break;
}
}
}
}
+ if(found) {
+ return resultsToArray(results);
+ }
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
@@ -541,31 +547,33 @@
constraints[i].included(uri, method));
boolean matched = false;
for(int j=0; j < collection.length; j++){
- if(collection[j].findMethod(method)) {
- String [] patterns = collection[j].findPatterns();
- for(int k=0; k < patterns.length && !matched; k++) {
- String pattern = patterns[j];
- if(pattern.startsWith("*.")){
- int slash = testURI.lastIndexOf("/");
- int dot = testURI.lastIndexOf(".");
- if(slash >= 0 && dot > slash) {
- if(testURI.endsWith(pattern.substring(1))) {
- matched = true;
- }
+ String [] patterns = collection[j].findPatterns();
+ for(int k=0; k < patterns.length && !matched; k++) {
+ String pattern = patterns[j];
+ if(pattern.startsWith("*.")){
+ int slash = uri.lastIndexOf("/");
+ int dot = uri.lastIndexOf(".");
+ if(slash >= 0 && dot > slash &&
+ dot != uri.length()-1 &&
+ uri.length()-dot == pattern.length()-1) {
+ if(pattern.regionMatches(1,uri,dot,uri.length()-dot)) {
+ matched = true;
}
}
}
}
- if(matched) {
+ }
+ if(matched) {
+ found = true;
+ if(collection[i].findMethod(method)) {
if(results == null) {
results = new ArrayList();
}
results.add(constraints[i]);
- break;
}
}
}
- if(results != null) {
+ if(found) {
return resultsToArray(results);
}
for (i = 0; i < constraints.length; i++) {
@@ -576,22 +584,19 @@
"' against " + method + " " + uri + " --> " +
constraints[i].included(uri, method));
for(int j=0; j < collection.length; j++){
- if(collection[j].findMethod(method)) {
- String [] patterns = collection[j].findPatterns();
- boolean matched = false;
- for(int k=0; k < patterns.length && !matched; k++) {
- String pattern = patterns[j];
- if(pattern.equals("/")){
- matched = true;
- }
- }
- if(matched) {
- if(results == null) {
- results = new ArrayList();
- }
- results.add(constraints[i]);
- break;
+ String [] patterns = collection[j].findPatterns();
+ boolean matched = false;
+ for(int k=0; k < patterns.length && !matched; k++) {
+ String pattern = patterns[j];
+ if(pattern.equals("/")){
+ matched = true;
}
+ }
+ if(matched) {
+ if(results == null) {
+ results = new ArrayList();
+ }
+ results.add(constraints[i]);
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
