From: Jonathan O. <os...@us...> - 2007-10-30 20:24:25
Update of /cvsroot/dlsciences/dlese-tools-project/src/org/dlese/dpc/schemedit/security/access In directory sc8-pr-cvs12.sourceforge.net:/tmp/cvs-serv29455/security/access Modified Files: AuthorizationFilter.java Log Message: removed absolute paths and eliminated redirects in support of ssl Index: AuthorizationFilter.java =================================================================== RCS file: /cvsroot/dlsciences/dlese-tools-project/src/org/dlese/dpc/schemedit/security/access/AuthorizationFilter.java,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** AuthorizationFilter.java 26 Oct 2007 17:24:08 -0000 1.7 --- AuthorizationFilter.java 30 Oct 2007 20:24:20 -0000 1.8 *************** *** 5,8 **** --- 5,9 ---- import java.io.IOException; import java.net.URLEncoder; + import java.net.URL; import javax.servlet.*; import javax.servlet.http.*; *************** *** 15,18 **** --- 16,20 ---- import org.dlese.dpc.schemedit.Constants; + import org.dlese.dpc.schemedit.SchemEditUtils; import org.dlese.dpc.schemedit.security.login.PasswordHelper; import org.dlese.dpc.schemedit.security.user.User; *************** *** 85,89 **** throws IOException, ServletException { ! // prtln ("\n---------------------\ndoFilter()"); HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; --- 87,91 ---- throws IOException, ServletException { ! prtln ("\n---------------------\ndoFilter()"); HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; *************** *** 92,95 **** --- 94,102 ---- FilterInfo filterInfo = new FilterInfo (req); + if (session == null) + prtln ("\tsession is NULL"); + else + prtln ("\t session: " + session.getId()); + /* bypass when authorization is turned off */ if (!authenticationEnabled) { *************** *** 151,157 **** GuardedPath gp = accessManager.matchGuardedPath(req.getServletPath()); if (gp != null) { ! 
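Review bot: The added `prtln ("\t session: " + session.getId());` in doFilter writes the full session identifier to the debug output on every filtered request, and the showRequestInfoVerbose hunk further down adds the same kind of line. A session id is a bearer credential for the logged-in user, so the log file becomes as sensitive as the sessions it records; prtln is gated by `debug`, but debug output may well stay on while the SSL changes are being tested. Logging only whether a session exists, e.g. `prtln ("\t session: " + (session == null ? "none" : "present"));`, gives the same diagnostic without the identifier. The declaration of `session` is outside this hunk, so whether it can actually be null here could not be checked.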
// prtln ("guarded path: " + gp.getPath() + " requiredRole: " + gp.getRole()); requiredRole = gp.getRole(); } if (requiredRole == Roles.NO_ROLE) { --- 158,167 ---- GuardedPath gp = accessManager.matchGuardedPath(req.getServletPath()); if (gp != null) { ! prtln ("guarded path: " + gp.getPath() + " requiredRole: " + gp.getRole()); requiredRole = gp.getRole(); } + else { + prtln ("guarded path NOT found for servletPath: " + req.getServletPath()); + } if (requiredRole == Roles.NO_ROLE) { *************** *** 161,166 **** --- 171,180 ---- return; } + + showRequestInfoVerbose (req); + if (user != null) { + prtln ("USER is " + user.getUsername()); if (user.hasRole( requiredRole )) { filterInfo.put ("user", user.getUsername()); *************** *** 171,174 **** --- 185,191 ---- } } + else { + prtln ("USER is NULL"); + } errors.add ("error", new ActionError ("error.authentication.required")); *************** *** 176,180 **** String dispatchUrl = onErrorUrl; try { ! String dest = req.getRequestURL().toString(); if (req.getQueryString() != null) dest += "?" + req.getQueryString(); --- 193,207 ---- String dispatchUrl = onErrorUrl; try { ! // String dest = req.getRequestURL().toString(); ! ! // use just the PATH component of requestURL for dest base ! String requestUrl = req.getRequestURL().toString(); ! String dest = new URL (requestUrl).getPath(); ! if (dest.indexOf (req.getContextPath()) != 0) { ! throw new Exception ("requestUrl path (" + dest + ") does not begin with \"" + ! req.getContextPath()); ! } ! dest = dest.substring (req.getContextPath().length()); ! prtln ("dest: " + dest); if (req.getQueryString() != null) dest += "?" + req.getQueryString(); *************** *** 188,193 **** // req.getRequestDispatcher(dispatchUrl).forward(req, res); prtln ("contextPath: " + req.getContextPath()); ! res.sendRedirect(req.getContextPath() + dispatchUrl); ! } --- 215,231 ---- // req.getRequestDispatcher(dispatchUrl).forward(req, res); prtln ("contextPath: " + req.getContextPath()); ! 
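Review bot: `showRequestInfoVerbose (req);` is called unconditionally just before the `user != null` check, so every request that reaches the role check walks the full request dump even when `debug` is off; as far as this diff shows, only the individual prtln calls are gated. With the later showRequestInfoVerbose hunk in this commit the call also touches the session, which turns a diagnostic into a side effect on the authorization path. Guarding the call site, `if (debug) showRequestInfoVerbose (req);`, keeps the dump out of normal operation. The body of showRequestInfoVerbose is only partly visible, so it may carry its own guard that is not shown here.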
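Review bot: The new `dest` computation parses `req.getRequestURL()` through `java.net.URL` only to get the path back, and the message of the `throw new Exception (...)` never closes the quote it opens around the context path. `req.getRequestURI()` should return the same path component without a parse step that can throw MalformedURLException, and `startsWith` states the prefix test more directly than `indexOf (...) != 0`; the `import java.net.URL;` added at the top would then be unnecessary. Reducing `dest` to a context-relative path is a sound choice for a return-after-login value, but the code that later consumes it (outside this hunk) should still treat it as untrusted and accept only paths that stay inside the application. The enclosing try and its catch lie outside the hunk, so the exception type is left as it is below.

```java
// use just the context-relative PATH of the request for dest base
String requestUri = req.getRequestURI();
String contextPath = req.getContextPath();
if (!requestUri.startsWith (contextPath)) {
    throw new Exception ("request path (" + requestUri + ") does not begin with \"" +
                         contextPath + "\"");
}
String dest = requestUri.substring (contextPath.length());
// … unchanged: prtln ("dest: " + dest) and the query-string append …
```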
// res.sendRedirect(req.getContextPath() + dispatchUrl); ! ! ! /* ! String redirectUrl = req.getContextPath()+onErrorUrl; ! prtln ("\nREDIRECTING TO " + redirectUrl); ! res.sendRedirect(redirectUrl); ! */ ! ! ! String dispatchPath = onErrorUrl; ! prtln ("\n DISPATCHING to " + dispatchPath); ! req.getRequestDispatcher (dispatchUrl).forward (req, res); } *************** *** 262,265 **** --- 300,308 ---- prtln ("\t pathTranslated: " + request.getPathTranslated()); prtln ("\t pathInfo: " + request.getPathInfo()); + HttpSession session = request.getSession(); + if (session == null) + prtln ("Session: NULL"); + else + prtln ("Session: " + session.getId()); prtln ("\nrequest attributes"); for (Enumeration e=request.getAttributeNames();e.hasMoreElements();) { *************** *** 284,287 **** --- 327,331 ---- static void prtln(String s) { if (debug) { + /* while (s.length() > 0 && s.charAt(0) == '\n') { System.out.println (""); *************** *** 289,292 **** --- 333,338 ---- } System.out.println("AuthorizationFilter: " + s); + */ + SchemEditUtils.prtln (s, "AuthorizationFilter"); } } |
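Review bot: The debug line reports `dispatchPath`, which is a fresh copy of `onErrorUrl`, while the forward on the next line uses `dispatchUrl`; if the try block above appended the `dest` parameter to `dispatchUrl` (that code is outside the hunk), the log shows a different target from the one actually dispatched to. Dropping the extra variable and logging the real target, `prtln ("\n DISPATCHING to " + dispatchUrl);`, keeps the two in step. Because a forward, unlike the previous sendRedirect, renders the error page within the same request, the method has to return right after it without calling the filter chain, and the response must not already be committed; the lines that follow are not visible here, so that needs checking. The commented-out redirect variants can be deleted rather than kept in the source.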
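Review bot: `request.getSession()` creates a new session when none exists, so the `session == null` branch added in showRequestInfoVerbose can never run, and the debug dump itself now allocates a session for requests that had none. In an authorization filter that means unauthenticated requests can acquire sessions purely as a side effect of logging. `HttpSession session = request.getSession(false);` returns null instead of creating one and makes the null branch meaningful.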