What would be the best way to escape commas in role strings in the roles attribute? We have roles defined as LDAP DNs, which contains commas. I guess it would be possible to use \,
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
/**
* This class used container-managed security to check access
@@ -39,8 +38,9 @@
return true; // no roles define, allow everyone
} else {
// Get the list of roles this menu allows
- String[] allowedRoles = StringUtils.split(menu.getRoles(),",");
+ String[] allowedRoles = menu.getRoles().split("[^\\\\],");
for (int i=0; i < allowedRoles.length; i++) {
+ allowedRoles[i] = allowedRoles[i].replaceAll("\\\\,", ",");
if (request.isUserInRole(allowedRoles[i])) {
return true;
}
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What would be the best way to escape commas in role strings in the roles attribute? We have roles defined as LDAP DNs, which contains commas. I guess it would be possible to use \,
I would try \, - if that doesn't work, we'll probably have to make some code changes to make this work.
Here's a patch for RolesPermissionAdapter.java. Required jdk 1.4+ though.
[torgeir@atlantis menu]$ diff -u RolesPermissionsAdapter.java-orig RolesPermissionsAdapter.java
--- RolesPermissionsAdapter.java-orig 2006-03-13 20:55:05.000000000 +1000
+++ RolesPermissionsAdapter.java 2006-03-13 20:56:41.000000000 +1000
@@ -7,7 +7,6 @@
package net.sf.navigator.menu;
import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.lang.StringUtils;
/**
* This class used container-managed security to check access
@@ -39,8 +38,9 @@
return true; // no roles define, allow everyone
} else {
// Get the list of roles this menu allows
- String[] allowedRoles = StringUtils.split(menu.getRoles(),",");
+ String[] allowedRoles = menu.getRoles().split("[^\\\\],");
for (int i=0; i < allowedRoles.length; i++) {
+ allowedRoles[i] = allowedRoles[i].replaceAll("\\\\,", ",");
if (request.isUserInRole(allowedRoles[i])) {
return true;
}
Thanks - I've entered an issue for this in JIRA:
http://issues.appfuse.org/browse/SM-8
The [^\\\\], pattern doesn't really work, since it includes any char preceeding the comma.
I think the correct pattern would be (?<!\\\\), (using negative lookbehind).
And it would be an idea to precompile the pattern;
protected Pattern delimiters = Pattern.compile("(?<!\\\\),");
String[] allowedRoles = delimiters.split(menu.getRoles());
etc.