From: Scott S. <sco...@jb...> - 2005-04-22 21:17:20
User: starksm Date: 05/04/22 17:17:08 Added: src/main/org/jboss/web WebPermissionMapping.java Log: A utility class encapsulating the logic for building the web container JACC permission from a deployment's metadata. Revision Changes Path 1.1 date: 2005/04/22 21:17:08; author: starksm; state: Exp;jboss/src/main/org/jboss/web/WebPermissionMapping.java Index: WebPermissionMapping.java =================================================================== /* * JBoss, Home of Professional Open Source * * Distributable under LGPL license. * See terms of license at gnu.org. */ package org.jboss.web; import java.util.Iterator; import java.util.HashMap; import java.util.HashSet; import java.util.Arrays; import java.util.Map; import java.util.Set; import java.util.ArrayList; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; import javax.security.jacc.WebResourcePermission; import javax.security.jacc.WebUserDataPermission; import javax.security.jacc.WebRoleRefPermission; import org.jboss.metadata.WebMetaData; import org.jboss.metadata.WebSecurityMetaData; import org.jboss.metadata.SecurityRoleRefMetaData; /** * A utility class encapsulating the logic for building the web container JACC * permission from a deployment's metadata. * * @author Sco...@jb... * @version $Revision: 1.1 $ */ public class WebPermissionMapping { /** * Apply the JACC rules for creating permissions from the web.xml * security-constraints. 
* * @param metaData - the web deployment web.xml/jboss-web.xml metadata * @param pc - the active JACC policy configuration * @throws PolicyContextException */ public static void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException { Iterator constraints = metaData.getSecurityContraints(); // The url pattern to http methods for patterns for WebResourcePermission HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); // The url pattern to http methods for patterns for WebUserDataPermission HashMap patternsWithHttpMethodSubsetsWUDP = new HashMap(); while( constraints.hasNext() ) { WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); String transport = wsmd.getTransportGuarantee(); if( transport != null && transport.equalsIgnoreCase("NONE") ) transport = null; if( wsmd.isExcluded() || wsmd.isUnchecked() ) { // Build the permissions for the excluded/unchecked resources Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { WebSecurityMetaData.WebResourceCollection wrc = (WebSecurityMetaData.WebResourceCollection) resources.next(); String[] httpMethods = wrc.getHttpMethods(); String[] urlPatterns = wrc.getUrlPatterns(); for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; WebResourcePermission p = new WebResourcePermission(url, httpMethods); WebUserDataPermission p2 = new WebUserDataPermission(url, httpMethods, wsmd.getTransportGuarantee()); if( wsmd.isExcluded() ) { pc.addToExcludedPolicy(p); pc.addToExcludedPolicy(p2); } else { pc.addToUncheckedPolicy(p); pc.addToUncheckedPolicy(p2); } // Track the incomplete coverage of http methods if( urlPatterns.length > 0 ) { HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); if( methodsWRP == null ) { methodsWRP = new HashSet(); patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); } /* Only add methods to excluded perms because incomplete coverage of unchecked perms http method 
should not exclude the explicitly stated http methods. For example, a url pattern /unchecked with explicit https method POST, GET that as no auth constraint should result in a unchecked permission that includes all http methods since the logic for incomplete coverage would add an unchecked permission with the missing methods: DELETE, PUT, HEAD, OPTIONS, TRACE. However, two unchecked permissions whose union of http methods covers all methods does not result in a permission collection that implies WebResourcePermission("/unchecked, null). So we leave off the http methods for the explicit unchecked permission so that an unchecked permission with a null http methods spec results if appropriate. */ if( wsmd.isExcluded() ) methodsWRP.addAll(Arrays.asList(httpMethods)); HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); if( methodsWUDP == null ) { methodsWUDP = new HashSet(); patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); } if( wsmd.isExcluded() || transport != null ) methodsWUDP.addAll(Arrays.asList(httpMethods)); } } } } else { // Build the permission for the resources x roles Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { WebSecurityMetaData.WebResourceCollection wrc = (WebSecurityMetaData.WebResourceCollection) resources.next(); String[] httpMethods = wrc.getHttpMethods(); String[] urlPatterns = wrc.getUrlPatterns(); for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; WebResourcePermission p = new WebResourcePermission(url, httpMethods); WebUserDataPermission p2 = new WebUserDataPermission(url, httpMethods, wsmd.getTransportGuarantee()); Iterator roles = wsmd.getRoles().iterator(); while( roles.hasNext() ) { String role = (String) roles.next(); if( role.equals("*") ) { // The wildcard ref maps to all declared security-role names Iterator allRoles = metaData.getSecurityRoleNames().iterator(); while( allRoles.hasNext() ) { role = (String) allRoles.next(); 
pc.addToRole(role, p); } } else { pc.addToRole(role, p); } } pc.addToUncheckedPolicy(p2); // Track the incomplete coverage of http methods if( urlPatterns.length > 0 ) { HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); if( methodsWRP == null ) { methodsWRP = new HashSet(); patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); } methodsWRP.addAll(Arrays.asList(httpMethods)); HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); if( methodsWUDP == null ) { methodsWUDP = new HashSet(); patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); } if( transport != null ) methodsWUDP.addAll(Arrays.asList(httpMethods)); } } } } } /* Create unchecked permissions. We are required to create an unchecked permission for every url pattern that is not covered by a every possible http method. */ Iterator iter = patternsWithHttpMethodSubsetsWRP.entrySet().iterator(); while( iter.hasNext() ) { Map.Entry e = (Map.Entry) iter.next(); String url = (String) e.getKey(); HashSet methods = (HashSet) e.getValue(); String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { WebResourcePermission p = new WebResourcePermission(url, missingMethods); pc.addToUncheckedPolicy(p); } else { // The union for this pattern has all methods so remove it iter.remove(); } } iter = patternsWithHttpMethodSubsetsWUDP.entrySet().iterator(); while( iter.hasNext() ) { Map.Entry e = (Map.Entry) iter.next(); String url = (String) e.getKey(); HashSet methods = (HashSet) e.getValue(); String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { WebUserDataPermission p2 = new WebUserDataPermission(url, missingMethods, null); pc.addToUncheckedPolicy(p2); } else { // The union for this pattern has all methods so remove it iter.remove(); } } /* 3.1.3.1 Translating security-constraint Elements ... 
A WebResourcePermission and a WebUserDataPermission must be added to the unchecked policy statements for each url-pattern in the deployment descriptor and the default pattern, "/", that is not combined by the webresource-collection elements of the deployment descriptor with every HTTP method value. The permission objects must be constructed using the qualified pattern as their name and with actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.The resulting permissions must be added to the unchecked policy statements by calling the addToUncheckedPolicy method on the PolicyConfiguration object. */ if( patternsWithHttpMethodSubsetsWRP.size() > 0 ) { if( patternsWithHttpMethodSubsetsWRP.containsKey("/") == false ) patternsWithHttpMethodSubsetsWRP.put("/", null); iter = patternsWithHttpMethodSubsetsWRP.keySet().iterator(); StringBuffer allURLs = new StringBuffer(); while( iter.hasNext() ) { String url = (String) iter.next(); allURLs.append(url); allURLs.append(':'); } allURLs.setLength(allURLs.length()-1); String all = allURLs.toString(); WebResourcePermission p = new WebResourcePermission(all, (String) null); pc.addToUncheckedPolicy(p); WebUserDataPermission p2 = new WebUserDataPermission(all, null); pc.addToUncheckedPolicy(p2); } patternsWithHttpMethodSubsetsWRP.clear(); patternsWithHttpMethodSubsetsWUDP.clear(); /* Create WebRoleRefPermissions for all servlet/security-role-refs along with all the cross product of servlets and security-role elements that are not referenced via a security-role-ref as described in JACC section 3.1.3.2 */ Set unreferencedRoles = metaData.getSecurityRoleNames(); Map servletRoleRefs = metaData.getSecurityRoleRefs(); Iterator roleRefsIter = servletRoleRefs.keySet().iterator(); while( roleRefsIter.hasNext() ) { String servletName = (String) roleRefsIter.next(); ArrayList roleRefs = (ArrayList) servletRoleRefs.get(servletName); for(int n = 0; n < roleRefs.size(); n ++) { SecurityRoleRefMetaData 
roleRef = (SecurityRoleRefMetaData) roleRefs.get(n); String roleName = roleRef.getLink(); WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleRef.getName()); pc.addToRole(roleName, wrrp); /* A bit of a hack due to how tomcat calls out to its Realm.hasRole() with a role name that has been mapped to the role-link value. We may need to handle this with a custom request wrapper. */ wrrp = new WebRoleRefPermission(servletName, roleName); pc.addToRole(roleRef.getName(), wrrp); // Remove the role from the unreferencedRoles unreferencedRoles.remove(roleName); } } // Now build the cross product of the unreferencedRoles and servlets Set servletNames = metaData.getServletNames(); Iterator names = servletNames.iterator(); while( names.hasNext() ) { String servletName = (String) names.next(); Iterator roles = unreferencedRoles.iterator(); while( roles.hasNext() ) { String role = (String) roles.next(); WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, role); pc.addToRole(role, wrrp); } } } } |
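Review bot: The catch-all unchecked permission near the end of createPermissions gets its name by joining `patternsWithHttpMethodSubsetsWRP.keySet()` with ':', so which pattern comes first depends on HashMap iteration order. In a JACC URLPatternSpec the first pattern is the one the permission applies to and the patterns after the colon are qualifiers subtracted from it, so the same web.xml may produce an unchecked (no authentication) all-methods permission on a different pattern, or an invalid spec, depending on hash order. If the intent is the default pattern minus the listed patterns, start the buffer with it and append the rest, e.g. `StringBuffer allURLs = new StringBuffer("/");` and in the loop `if( !url.equals("/") ) allURLs.append(':').append(url);`, dropping the trailing `setLength` trim. A short comment next to the loop stating that ordering requirement would help the next reader.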
From: Scott S. <sco...@jb...> - 2005-04-22 21:19:27
User: starksm Date: 05/04/22 17:19:12 Modified: src/main/org/jboss/web AbstractWebDeployer.java Log: Factor out the JACC permission creation into a seperate WebPermissionMapping class for easier testing Revision Changes Path 1.28 +2 -226 jboss/src/main/org/jboss/web/AbstractWebDeployer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebDeployer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebDeployer.java,v retrieving revision 1.27 retrieving revision 1.28 diff -u -b -r1.27 -r1.28 --- AbstractWebDeployer.java 19 Apr 2005 06:19:38 -0000 1.27 +++ AbstractWebDeployer.java 22 Apr 2005 21:19:12 -0000 1.28 @@ -147,7 +147,7 @@ extends="org.jboss.deployment.SubDeployerMBean" @author Sco...@jb... -@version $Revision: 1.27 $ +@version $Revision: 1.28 $ */ public abstract class AbstractWebDeployer { 
@@ -860,231 +860,7 @@ protected void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException { - Iterator constraints = metaData.getSecurityContraints(); - // The url pattern to http methods for patterns for WebResourcePermiss - HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); - // The url pattern to http methods for patterns for WebUserDataPermiss - HashMap patternsWithHttpMethodSubsetsWUDP = new HashMap(); - while (constraints.hasNext()) - { - WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); - String transport = wsmd.getTransportGuarantee(); - if (transport != null && transport.equalsIgnoreCase("NONE")) - transport = null; - if (wsmd.isExcluded() || wsmd.isUnchecked()) - { - // Build the permissions for the excluded/unchecked resources - Iterator resources = wsmd.getWebResources().values().iterator(); - while (resources.hasNext()) - { - WebResourceCollection wrc = (WebResourceCollection) resources.next(); - String[] httpMethods = wrc.getHttpMethods(); - String[] urlPatterns = wrc.getUrlPatterns(); - for (int n = 0; n < urlPatterns.length; n++) - { - String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, - httpMethods, wsmd.getTransportGuarantee()); - if (wsmd.isExcluded()) - { - pc.addToExcludedPolicy(p); - pc.addToExcludedPolicy(p2); - } - else - { - pc.addToUncheckedPolicy(p); - pc.addToUncheckedPolicy(p2); - } - // Track the incomplete coverage of http methods - if (urlPatterns.length > 0) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if (methodsWRP == null) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - /* Only add methods to excluded perms because incomplete - coverage of unchecked perms http method should not exclude - the explicitly stated http methods. 
For example, a url - pattern /unchecked with explicit https method POST, GET that - as no auth constraint should result in a unchecked permission - that includes all http methods since the logic for incomplete - coverage would add an unchecked permission with the missing - methods: DELETE, PUT, HEAD, OPTIONS, TRACE. However, two - unchecked permissions whose union of http methods covers - all methods does not result in a permission collection - that implies WebResourcePermission("/unchecked, null). So - we leave off the http methods for the explicit unchecked - permission so that an unchecked permission with a null - http methods spec results if appropriate. - */ - if (wsmd.isExcluded()) - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if (methodsWUDP == null) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if (wsmd.isExcluded() || transport != null) - methodsWUDP.addAll(Arrays.asList(httpMethods)); - } - } - } - } - else - { - // Build the permission for the resources x roles - Iterator resources = wsmd.getWebResources().values().iterator(); - while (resources.hasNext()) - { - WebResourceCollection wrc = (WebResourceCollection) resources.next(); - String[] httpMethods = wrc.getHttpMethods(); - String[] urlPatterns = wrc.getUrlPatterns(); - for (int n = 0; n < urlPatterns.length; n++) - { - String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, - httpMethods, wsmd.getTransportGuarantee()); - Iterator roles = wsmd.getRoles().iterator(); - while (roles.hasNext()) - { - String role = (String) roles.next(); - if( role.equals("*") ) - { - // The wildcard ref maps to all declared security-role names - Iterator allRoles = metaData.getSecurityRoleNames().iterator(); - while( allRoles.hasNext() ) - { - role = (String) allRoles.next(); - 
pc.addToRole(role, p); - } - } - else - { - pc.addToRole(role, p); - } - } - pc.addToUncheckedPolicy(p2); - // Track the incomplete coverage of http methods - if (urlPatterns.length > 0) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if (methodsWRP == null) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if (methodsWUDP == null) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if (transport != null) - methodsWUDP.addAll(Arrays.asList(httpMethods)); - } - } - } - } - } - - /* Create unchecked permissions. We are required to create an unchecked - permission for every url pattern that is not covered by a every possible - http method. - */ - Iterator iter = patternsWithHttpMethodSubsetsWRP.entrySet().iterator(); - while (iter.hasNext()) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - WebResourcePermission p = new WebResourcePermission(url, missingMethods); - pc.addToUncheckedPolicy(p); - } - - iter = patternsWithHttpMethodSubsetsWUDP.entrySet().iterator(); - while (iter.hasNext()) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - WebUserDataPermission p2 = new WebUserDataPermission(url, missingMethods, null); - pc.addToUncheckedPolicy(p2); - } - - // - if (patternsWithHttpMethodSubsetsWRP.containsKey("/") == false) - patternsWithHttpMethodSubsetsWRP.put("/", null); - iter = patternsWithHttpMethodSubsetsWRP.keySet().iterator(); - StringBuffer allURLs = new StringBuffer(); - while (iter.hasNext()) - { 
- String url = (String) iter.next(); - allURLs.append(url); - allURLs.append(':'); - } - allURLs.setLength(allURLs.length() - 1); - String all = allURLs.toString(); - WebResourcePermission p = new WebResourcePermission(all, (String) null); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(all, null); - pc.addToUncheckedPolicy(p2); - - patternsWithHttpMethodSubsetsWRP.clear(); - patternsWithHttpMethodSubsetsWUDP.clear(); - - /* Create WebRoleRefPermissions for all servlet/security-role-refs along - with all the cross product of servlets and security-role elements that - are not referenced via a security-role-ref as described in JACC section - 3.1.3.2 - */ - Set unreferencedRoles = metaData.getSecurityRoleNames(); - Map servletRoleRefs = metaData.getSecurityRoleRefs(); - Iterator roleRefsIter = servletRoleRefs.keySet().iterator(); - while (roleRefsIter.hasNext()) - { - String servletName = (String) roleRefsIter.next(); - ArrayList roleRefs = (ArrayList) servletRoleRefs.get(servletName); - for (int n = 0; n < roleRefs.size(); n++) - { - SecurityRoleRefMetaData roleRef = (SecurityRoleRefMetaData) roleRefs.get(n); - String roleName = roleRef.getLink(); - WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleRef.getName()); - pc.addToRole(roleName, wrrp); - /* A bit of a hack due to how tomcat calls out to its Realm.hasRole() - with a role name that has been mapped to the role-link value. We - may need to handle this with a custom request wrapper. 
- */ - wrrp = new WebRoleRefPermission(servletName, roleName); - pc.addToRole(roleRef.getName(), wrrp); - // Remove the role from the unreferencedRoles - unreferencedRoles.remove(roleName); - } - } - - // Now build the cross product of the unreferencedRoles and servlets - Set servletNames = metaData.getServletNames(); - Iterator names = servletNames.iterator(); - while (names.hasNext()) - { - String servletName = (String) names.next(); - Iterator roles = unreferencedRoles.iterator(); - while (roles.hasNext()) - { - String role = (String) roles.next(); - WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, role); - pc.addToRole(role, wrrp); - } - } + WebPermissionMapping.createPermissions(metaData, pc); } /** |
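Review bot: The log message describes this as factoring the code out, but the body deleted here is not the body that `WebPermissionMapping.createPermissions` has in revision 1.1. The removed loops added an unchecked `WebResourcePermission`/`WebUserDataPermission` for every tracked pattern even when `missingMethods` was empty, and always added the colon-joined catch-all permission, whereas the new class skips these when `missingMethods.length` is 0 or the pattern map is empty. The JACC permission constructors treat an empty method array as "all methods", so the old form presumably put fully covered patterns into the unchecked policy; that makes this a change to the effective access policy and the commit message should say so, e.g. `Also stop adding unchecked permissions for patterns whose http methods are fully covered`. A test over a constraint that covers every HTTP method would pin the new result. The same applies to the Branch_4_0 hunk `@@ -841,231 +832,7 @@`.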
From: Scott S. <sco...@jb...> - 2005-04-22 21:25:48
User: starksm Date: 05/04/22 17:25:36 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebDeployer.java Log: Factor out the JACC permission creation into a seperate WebPermissionMapping class for easier testing Revision Changes Path No revision No revision 1.20.2.6 +2 -235 jboss/src/main/org/jboss/web/AbstractWebDeployer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebDeployer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebDeployer.java,v retrieving revision 1.20.2.5 retrieving revision 1.20.2.6 diff -u -b -r1.20.2.5 -r1.20.2.6 --- AbstractWebDeployer.java 19 Apr 2005 06:16:34 -0000 1.20.2.5 +++ AbstractWebDeployer.java 22 Apr 2005 21:25:36 -0000 1.20.2.6 @@ -11,11 +11,8 @@ import java.net.URL; import java.net.URLClassLoader; import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; -import java.util.Map; import java.util.Set; import java.security.Policy; import javax.management.MBeanServer; @@ -26,9 +23,6 @@ import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyConfigurationFactory; import javax.security.jacc.PolicyContextException; -import javax.security.jacc.WebResourcePermission; -import javax.security.jacc.WebUserDataPermission; -import javax.security.jacc.WebRoleRefPermission; import org.jboss.deployment.DeploymentException; import org.jboss.deployment.DeploymentInfo; @@ -44,9 +38,6 @@ import org.jboss.metadata.ResourceEnvRefMetaData; import org.jboss.metadata.ResourceRefMetaData; import org.jboss.metadata.WebMetaData; -import org.jboss.metadata.WebSecurityMetaData; -import org.jboss.metadata.SecurityRoleRefMetaData; -import org.jboss.metadata.WebSecurityMetaData.WebResourceCollection; import org.jboss.mx.loading.LoaderRepositoryFactory; import org.jboss.naming.NonSerializableFactory; import org.jboss.naming.Util; 
@@ -147,7 +138,7 @@ extends="org.jboss.deployment.SubDeployerMBean" @author Sco...@jb... -@version $Revision: 1.20.2.5 $ +@version $Revision: 1.20.2.6 $ */ public abstract class AbstractWebDeployer { 
@@ -841,231 +832,7 @@ protected void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException { - Iterator constraints = metaData.getSecurityContraints(); - // The url pattern to http methods for patterns for WebResourcePermiss - HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); - // The url pattern to http methods for patterns for WebUserDataPermiss - HashMap patternsWithHttpMethodSubsetsWUDP = new HashMap(); - while( constraints.hasNext() ) - { - WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); - String transport = wsmd.getTransportGuarantee(); - if( transport != null && transport.equalsIgnoreCase("NONE") ) - transport = null; - if( wsmd.isExcluded() || wsmd.isUnchecked() ) - { - // Build the permissions for the excluded/unchecked resources - Iterator resources = wsmd.getWebResources().values().iterator(); - while( resources.hasNext() ) - { - WebResourceCollection wrc = (WebResourceCollection) resources.next(); - String[] httpMethods = wrc.getHttpMethods(); - String[] urlPatterns = wrc.getUrlPatterns(); - for(int n = 0; n < urlPatterns.length; n ++) - { - String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, - httpMethods, wsmd.getTransportGuarantee()); - if( wsmd.isExcluded() ) - { - pc.addToExcludedPolicy(p); - pc.addToExcludedPolicy(p2); - } - else - { - pc.addToUncheckedPolicy(p); - pc.addToUncheckedPolicy(p2); - } - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - /* Only add methods to excluded perms because incomplete - coverage of unchecked perms http method should not exclude - the explicitly stated http methods. 
For example, a url - pattern /unchecked with explicit https method POST, GET that - as no auth constraint should result in a unchecked permission - that includes all http methods since the logic for incomplete - coverage would add an unchecked permission with the missing - methods: DELETE, PUT, HEAD, OPTIONS, TRACE. However, two - unchecked permissions whose union of http methods covers - all methods does not result in a permission collection - that implies WebResourcePermission("/unchecked, null). So - we leave off the http methods for the explicit unchecked - permission so that an unchecked permission with a null - http methods spec results if appropriate. - */ - if( wsmd.isExcluded() ) - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if( wsmd.isExcluded() || transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); - } - } - } - } - else - { - // Build the permission for the resources x roles - Iterator resources = wsmd.getWebResources().values().iterator(); - while( resources.hasNext() ) - { - WebResourceCollection wrc = (WebResourceCollection) resources.next(); - String[] httpMethods = wrc.getHttpMethods(); - String[] urlPatterns = wrc.getUrlPatterns(); - for(int n = 0; n < urlPatterns.length; n ++) - { - String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, - httpMethods, wsmd.getTransportGuarantee()); - Iterator roles = wsmd.getRoles().iterator(); - while( roles.hasNext() ) - { - String role = (String) roles.next(); - if( role.equals("*") ) - { - // The wildcard ref maps to all declared security-role names - Iterator allRoles = metaData.getSecurityRoleNames().iterator(); - while( allRoles.hasNext() ) - { - role = (String) 
allRoles.next(); - pc.addToRole(role, p); - } - } - else - { - pc.addToRole(role, p); - } - } - pc.addToUncheckedPolicy(p2); - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if( transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); - } - } - } - } - } - - /* Create unchecked permissions. We are required to create an unchecked - permission for every url pattern that is not covered by a every possible - http method. - */ - Iterator iter = patternsWithHttpMethodSubsetsWRP.entrySet().iterator(); - while( iter.hasNext() ) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - WebResourcePermission p = new WebResourcePermission(url, missingMethods); - pc.addToUncheckedPolicy(p); - } - - iter = patternsWithHttpMethodSubsetsWUDP.entrySet().iterator(); - while( iter.hasNext() ) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - WebUserDataPermission p2 = new WebUserDataPermission(url, missingMethods, null); - pc.addToUncheckedPolicy(p2); - } - - // - if( patternsWithHttpMethodSubsetsWRP.containsKey("/") == false ) - patternsWithHttpMethodSubsetsWRP.put("/", null); - iter = patternsWithHttpMethodSubsetsWRP.keySet().iterator(); - StringBuffer allURLs = new StringBuffer(); - 
while( iter.hasNext() ) - { - String url = (String) iter.next(); - allURLs.append(url); - allURLs.append(':'); - } - allURLs.setLength(allURLs.length()-1); - String all = allURLs.toString(); - WebResourcePermission p = new WebResourcePermission(all, (String) null); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(all, null); - pc.addToUncheckedPolicy(p2); - - patternsWithHttpMethodSubsetsWRP.clear(); - patternsWithHttpMethodSubsetsWUDP.clear(); - - /* Create WebRoleRefPermissions for all servlet/security-role-refs along - with all the cross product of servlets and security-role elements that - are not referenced via a security-role-ref as described in JACC section - 3.1.3.2 - */ - Set unreferencedRoles = metaData.getSecurityRoleNames(); - Map servletRoleRefs = metaData.getSecurityRoleRefs(); - Iterator roleRefsIter = servletRoleRefs.keySet().iterator(); - while( roleRefsIter.hasNext() ) - { - String servletName = (String) roleRefsIter.next(); - ArrayList roleRefs = (ArrayList) servletRoleRefs.get(servletName); - for(int n = 0; n < roleRefs.size(); n ++) - { - SecurityRoleRefMetaData roleRef = (SecurityRoleRefMetaData) roleRefs.get(n); - String roleName = roleRef.getLink(); - WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, roleRef.getName()); - pc.addToRole(roleName, wrrp); - /* A bit of a hack due to how tomcat calls out to its Realm.hasRole() - with a role name that has been mapped to the role-link value. We - may need to handle this with a custom request wrapper. 
- */ - wrrp = new WebRoleRefPermission(servletName, roleName); - pc.addToRole(roleRef.getName(), wrrp); - // Remove the role from the unreferencedRoles - unreferencedRoles.remove(roleName); - } - } - - // Now build the cross product of the unreferencedRoles and servlets - Set servletNames = metaData.getServletNames(); - Iterator names = servletNames.iterator(); - while( names.hasNext() ) - { - String servletName = (String) names.next(); - Iterator roles = unreferencedRoles.iterator(); - while( roles.hasNext() ) - { - String role = (String) roles.next(); - WebRoleRefPermission wrrp = new WebRoleRefPermission(servletName, role); - pc.addToRole(role, wrrp); - } - } + WebPermissionMapping.createPermissions(metaData, pc); } /** An inner class that maps the WebDescriptorParser.parseWebAppDescriptors() |
From: Scott S. <sco...@jb...> - 2005-04-24 02:06:22
User: starksm Date: 05/04/23 22:06:12 Modified: src/main/org/jboss/web Tag: Branch_4_0 WebPermissionMapping.java Log: Update the qualified url pattern name usage and make sure the default pattern is included if not seen in the security constraints. Revision Changes Path No revision No revision 1.1.2.1 +243 -7 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -b -r1.1 -r1.1.2.1 --- WebPermissionMapping.java 22 Apr 2005 21:17:08 -0000 1.1 +++ WebPermissionMapping.java 24 Apr 2005 02:06:12 -0000 1.1.2.1 @@ -23,16 +23,28 @@ import org.jboss.metadata.WebMetaData; import org.jboss.metadata.WebSecurityMetaData; import org.jboss.metadata.SecurityRoleRefMetaData; +import org.jboss.logging.Logger; /** * A utility class encapsulating the logic for building the web container JACC * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.1 $ + * @version $Revision: 1.1.2.1 $ */ public class WebPermissionMapping { + static Logger log = Logger.getLogger(WebPermissionMapping.class); + + /** An prefix pattern "/prefix/*" */ + private static final int PREFIX = 1; + /** An extension pattern "*.ext" */ + private static final int EXTENSION = 2; + /** The "/" default pattern */ + private static final int DEFAULT = 3; + /** An prefix pattern "/prefix/*" */ + private static final int EXACT = 4; + /** * Apply the JACC rules for creating permissions from the web.xml * security-constraints. 
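Review bot: The Javadoc on `EXACT` is a copy of the one on `PREFIX` (`An prefix pattern "/prefix/*"`), so the constant that `getPatternType` uses as its fallback is documented as the wrong pattern type; it should read something like `/** An exact pattern such as "/path/page" */`. The logger is declared as `static Logger log`, which leaves it package-visible and reassignable; `private static final Logger log = Logger.getLogger(WebPermissionMapping.class);` would match how the constants next to it are declared.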
@@ -44,6 +56,10 @@ public static void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException { + HashMap patternMap = qualifyURLPatterns(metaData); + log.debug("Qualified url patterns: "+patternMap); + PatternInfo defaultInfo = (PatternInfo) patternMap.get("/"); + Iterator constraints = metaData.getSecurityContraints(); // The url pattern to http methods for patterns for WebResourcePermission HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); @@ -67,8 +83,12 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + info.hadPermissions = true; + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, httpMethods, wsmd.getTransportGuarantee()); if( wsmd.isExcluded() ) { @@ -131,8 +151,12 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + info.hadPermissions = true; + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, httpMethods, wsmd.getTransportGuarantee()); Iterator roles = wsmd.getRoles().iterator(); while( roles.hasNext() ) 
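Review bot: `patternMap.get("/")` in the `@@ -44,6 +56,10 @@` hunk can return null, and `defaultInfo` is later dereferenced without a check in the `@@ -221,6 +251,18 @@` hunk (`defaultInfo.hadPermissions`). The part of `qualifyURLPatterns` visible on this page only registers patterns that occur in a security-constraint, and the rest of that method is cut off, so whether "/" is always added cannot be confirmed from here. If it is not, a deployment without a "/" constraint would fail with a NullPointerException while its policy is being built. A guard after the lookup such as `if( defaultInfo == null ) defaultInfo = new PatternInfo("/", DEFAULT);`, or a comment stating that the map always contains "/", would settle it. createPermissions continues past the end of this hunk.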
@@ -192,7 +216,10 @@ String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { - WebResourcePermission p = new WebResourcePermission(url, missingMethods); + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, missingMethods); pc.addToUncheckedPolicy(p); } else @@ -211,7 +238,10 @@ String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { - WebUserDataPermission p2 = new WebUserDataPermission(url, missingMethods, null); + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + String qurl = info.getQualifiedPattern(); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, missingMethods, null); pc.addToUncheckedPolicy(p2); } else @@ -221,6 +251,18 @@ } } + /* Special handling of the "/" pattern if this was not specified in any + security-constraint element we need to add an a + */ + if( defaultInfo.hadPermissions == false ) + { + String qurl = defaultInfo.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, ""); + pc.addToUncheckedPolicy(p); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, null, null); + pc.addToUncheckedPolicy(p2); + } + /* 3.1.3.1 Translating security-constraint Elements ... A WebResourcePermission and a WebUserDataPermission must be added to 
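Review bot: The comment above the new `defaultInfo.hadPermissions == false` block stops mid-sentence (`we need to add an a`), and this is the block that places the default pattern in the unchecked policy for every HTTP method, so the reason should be spelled out. Something like `/* If "/" was not named in any security-constraint, add unchecked WebResourcePermission and WebUserDataPermission entries for its qualified pattern, as JACC 3.1.3.1 requires for the default pattern. */` would do. The two constructors also express "all methods" differently (`""` for the resource permission, `null` for the user-data permission); `(String) null` in the first call would make them read the same. createPermissions starts and ends outside this hunk, and the same hunk is repeated in the revision 1.2 commit below.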
@@ -300,4 +342,198 @@ } } + static int getPatternType(String urlPattern) + { + int type = EXACT; + if( urlPattern.startsWith("*.") ) + type = EXTENSION; + else if( urlPattern.startsWith("/") && urlPattern.endsWith("/*") ) + type = PREFIX; + else if( urlPattern.equals("/") ) + type = DEFAULT; + return type; + } + + static HashMap qualifyURLPatterns(WebMetaData metaData) + { + ArrayList prefixList = new ArrayList(); + ArrayList extensionList = new ArrayList(); + ArrayList exactList = new ArrayList(); + HashMap patternMap = new HashMap(); + PatternInfo defaultInfo = null; + + Iterator constraints = metaData.getSecurityContraints(); + while( constraints.hasNext() ) + { + WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); + Iterator resources = wsmd.getWebResources().values().iterator(); + while( resources.hasNext() ) + { + WebSecurityMetaData.WebResourceCollection wrc = (WebSecurityMetaData.WebResourceCollection) resources.next(); + String[] urlPatterns = wrc.getUrlPatterns(); + for(int n = 0; n < urlPatterns.length; n ++) + { + String url = urlPatterns[n]; + int type = getPatternType(url); + PatternInfo info = (PatternInfo) patternMap.get(url); + if( info == null ) + { + info = new PatternInfo(url, type); + patternMap.put(url, info); + switch( type ) + { + case PREFIX: + prefixList.add(info); + break; + case EXTENSION: + extensionList.add(info); + break; + case EXACT: + exactList.add(info); + break; + case DEFAULT: + defaultInfo = info; + break; + } + } + } + } + } + + // Qualify all prefix patterns + for(int i = 0; i < prefixList.size(); i ++) + { + PatternInfo info = (PatternInfo) prefixList.get(i); + // Qualify by every other extension + for(int j = 0; j < prefixList.size(); j ++) + { + if( i == j ) + continue; + PatternInfo other = (PatternInfo) prefixList.get(j); + if( info.matches(other) ) + info.addQualifier(other.pattern); + } + // Qualify by every matching exact pattern + for(int j = 0; j < exactList.size(); j ++) + { + PatternInfo other = 
(PatternInfo) exactList.get(j); + if( info.matches(other) ) + info.addQualifier(other.pattern); + } + } + + // Qualify all extension patterns + for(int i = 0; i < extensionList.size(); i ++) + { + PatternInfo info = (PatternInfo) extensionList.get(i); + // Qualify by every path prefix pattern + for(int j = 0; j < prefixList.size(); j ++) + { + PatternInfo other = (PatternInfo) prefixList.get(j); + info.addQualifier(other.pattern); + } + // Qualify by every matching exact pattern + for(int j = 0; j < exactList.size(); j ++) + { + PatternInfo other = (PatternInfo) exactList.get(j); + if( info.isExtensionFor(other) ) + info.addQualifier(other.pattern); + } + } + + // Qualify the default pattern + if( defaultInfo == null ) + { + defaultInfo = new PatternInfo("/", DEFAULT); + patternMap.put("/", defaultInfo); + } + Iterator iter = patternMap.values().iterator(); + while( iter.hasNext() ) + { + PatternInfo info = (PatternInfo) iter.next(); + if( info == defaultInfo ) + continue; + defaultInfo.addQualifier(info.pattern); + } + + return patternMap; + } + + static class PatternInfo + { + String pattern; + String qpattern; + int type; + boolean hadPermissions; + ArrayList qualifiers = new ArrayList(); + + PatternInfo(String pattern, int type) + { + this.pattern = pattern; + this.type = type; + } + + void addQualifier(String pattern) + { + if( qualifiers.contains(pattern) == false ) + qualifiers.add(pattern); + } + + public String getQualifiedPattern() + { + if( qpattern == null ) + { + StringBuffer tmp = new StringBuffer(pattern); + for(int n = 0; n < qualifiers.size(); n ++) + { + tmp.append(':'); + tmp.append(qualifiers.get(n)); + } + qpattern = tmp.toString(); + } + return qpattern; + } + + public int hashCode() + { + return pattern.hashCode(); + } + + public boolean equals(Object obj) + { + PatternInfo pi = (PatternInfo) obj; + return pattern.equals(pi.pattern); + } + + public boolean matches(PatternInfo other) + { + boolean matches = matches = 
other.pattern.regionMatches(0, pattern, 0, pattern.length()-2); + return matches; + } + + public boolean isExtensionFor(PatternInfo other) + { + int offset = other.pattern.lastIndexOf('.'); + int length = pattern.length() - 1; + boolean isExtensionFor = false; + if( offset > 0 ) + { + isExtensionFor = pattern.regionMatches(1, other.pattern, offset, length); + } + return isExtensionFor; + } + + public String toString() + { + StringBuffer tmp = new StringBuffer("PatternInfo["); + tmp.append("pattern="); + tmp.append(pattern); + tmp.append(",type="); + tmp.append(type); + tmp.append(",qualifiers="); + tmp.append(qualifiers); + tmp.append("]"); + return tmp.toString(); + } + } } |
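Review bot: `PatternInfo.matches` and `isExtensionFor` compare a fixed-length region without checking where the match ends, so qualification can pick up patterns that the servlet matching rules would not. `matches` strips the trailing `/*` and only tests that the other pattern starts with the remainder, which makes `/a/*` match `/ab` and `/ab/*`; `isExtensionFor` compares only as many characters as the extension has, so `*.jsp` is treated as matching an exact pattern ending in `.jspx`. Because the qualified name becomes the permission name, a wrong qualifier changes which resources the permission covers, or may make the name invalid for the permission constructor. Suggested bodies: `String prefix = pattern.substring(0, pattern.length()-2); return other.pattern.equals(prefix) || other.pattern.startsWith(prefix + "/");` and `return other.pattern.endsWith(pattern.substring(1));`. `matches` also carries a doubled assignment (`boolean matches = matches = ...`), `equals` casts without an `instanceof` check, and the identical hunk in the revision 1.2 commit below has the same issues.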
From: Scott S. <sco...@jb...> - 2005-04-24 02:29:57
User: starksm Date: 05/04/23 22:29:48 Modified: src/main/org/jboss/web WebPermissionMapping.java Log: Update the qualified url pattern name usage and make sure the default pattern is included if not seen in the security constraints. Revision Changes Path 1.2 +243 -7 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -b -r1.1 -r1.2 --- WebPermissionMapping.java 22 Apr 2005 21:17:08 -0000 1.1 +++ WebPermissionMapping.java 24 Apr 2005 02:29:48 -0000 1.2 @@ -23,16 +23,28 @@ import org.jboss.metadata.WebMetaData; import org.jboss.metadata.WebSecurityMetaData; import org.jboss.metadata.SecurityRoleRefMetaData; +import org.jboss.logging.Logger; /** * A utility class encapsulating the logic for building the web container JACC * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ */ public class WebPermissionMapping { + static Logger log = Logger.getLogger(WebPermissionMapping.class); + + /** An prefix pattern "/prefix/*" */ + private static final int PREFIX = 1; + /** An extension pattern "*.ext" */ + private static final int EXTENSION = 2; + /** The "/" default pattern */ + private static final int DEFAULT = 3; + /** An prefix pattern "/prefix/*" */ + private static final int EXACT = 4; + /** * Apply the JACC rules for creating permissions from the web.xml * security-constraints. 
@@ -44,6 +56,10 @@ public static void createPermissions(WebMetaData metaData, PolicyConfiguration pc) throws PolicyContextException { + HashMap patternMap = qualifyURLPatterns(metaData); + log.debug("Qualified url patterns: "+patternMap); + PatternInfo defaultInfo = (PatternInfo) patternMap.get("/"); + Iterator constraints = metaData.getSecurityContraints(); // The url pattern to http methods for patterns for WebResourcePermission HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); @@ -67,8 +83,12 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + info.hadPermissions = true; + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, httpMethods, wsmd.getTransportGuarantee()); if( wsmd.isExcluded() ) { @@ -131,8 +151,12 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - WebResourcePermission p = new WebResourcePermission(url, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(url, + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + info.hadPermissions = true; + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, httpMethods, wsmd.getTransportGuarantee()); Iterator roles = wsmd.getRoles().iterator(); while( roles.hasNext() ) 
@@ -192,7 +216,10 @@ String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { - WebResourcePermission p = new WebResourcePermission(url, missingMethods); + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + String qurl = info.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, missingMethods); pc.addToUncheckedPolicy(p); } else @@ -211,7 +238,10 @@ String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); if( missingMethods.length > 0 ) { - WebUserDataPermission p2 = new WebUserDataPermission(url, missingMethods, null); + // Get the qualified url pattern + PatternInfo info = (PatternInfo) patternMap.get(url); + String qurl = info.getQualifiedPattern(); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, missingMethods, null); pc.addToUncheckedPolicy(p2); } else @@ -221,6 +251,18 @@ } } + /* Special handling of the "/" pattern if this was not specified in any + security-constraint element we need to add an a + */ + if( defaultInfo.hadPermissions == false ) + { + String qurl = defaultInfo.getQualifiedPattern(); + WebResourcePermission p = new WebResourcePermission(qurl, ""); + pc.addToUncheckedPolicy(p); + WebUserDataPermission p2 = new WebUserDataPermission(qurl, null, null); + pc.addToUncheckedPolicy(p2); + } + /* 3.1.3.1 Translating security-constraint Elements ... A WebResourcePermission and a WebUserDataPermission must be added to 
@@ -300,4 +342,198 @@ } } + static int getPatternType(String urlPattern) + { + int type = EXACT; + if( urlPattern.startsWith("*.") ) + type = EXTENSION; + else if( urlPattern.startsWith("/") && urlPattern.endsWith("/*") ) + type = PREFIX; + else if( urlPattern.equals("/") ) + type = DEFAULT; + return type; + } + + static HashMap qualifyURLPatterns(WebMetaData metaData) + { + ArrayList prefixList = new ArrayList(); + ArrayList extensionList = new ArrayList(); + ArrayList exactList = new ArrayList(); + HashMap patternMap = new HashMap(); + PatternInfo defaultInfo = null; + + Iterator constraints = metaData.getSecurityContraints(); + while( constraints.hasNext() ) + { + WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); + Iterator resources = wsmd.getWebResources().values().iterator(); + while( resources.hasNext() ) + { + WebSecurityMetaData.WebResourceCollection wrc = (WebSecurityMetaData.WebResourceCollection) resources.next(); + String[] urlPatterns = wrc.getUrlPatterns(); + for(int n = 0; n < urlPatterns.length; n ++) + { + String url = urlPatterns[n]; + int type = getPatternType(url); + PatternInfo info = (PatternInfo) patternMap.get(url); + if( info == null ) + { + info = new PatternInfo(url, type); + patternMap.put(url, info); + switch( type ) + { + case PREFIX: + prefixList.add(info); + break; + case EXTENSION: + extensionList.add(info); + break; + case EXACT: + exactList.add(info); + break; + case DEFAULT: + defaultInfo = info; + break; + } + } + } + } + } + + // Qualify all prefix patterns + for(int i = 0; i < prefixList.size(); i ++) + { + PatternInfo info = (PatternInfo) prefixList.get(i); + // Qualify by every other extension + for(int j = 0; j < prefixList.size(); j ++) + { + if( i == j ) + continue; + PatternInfo other = (PatternInfo) prefixList.get(j); + if( info.matches(other) ) + info.addQualifier(other.pattern); + } + // Qualify by every matching exact pattern + for(int j = 0; j < exactList.size(); j ++) + { + PatternInfo other = 
(PatternInfo) exactList.get(j); + if( info.matches(other) ) + info.addQualifier(other.pattern); + } + } + + // Qualify all extension patterns + for(int i = 0; i < extensionList.size(); i ++) + { + PatternInfo info = (PatternInfo) extensionList.get(i); + // Qualify by every path prefix pattern + for(int j = 0; j < prefixList.size(); j ++) + { + PatternInfo other = (PatternInfo) prefixList.get(j); + info.addQualifier(other.pattern); + } + // Qualify by every matching exact pattern + for(int j = 0; j < exactList.size(); j ++) + { + PatternInfo other = (PatternInfo) exactList.get(j); + if( info.isExtensionFor(other) ) + info.addQualifier(other.pattern); + } + } + + // Qualify the default pattern + if( defaultInfo == null ) + { + defaultInfo = new PatternInfo("/", DEFAULT); + patternMap.put("/", defaultInfo); + } + Iterator iter = patternMap.values().iterator(); + while( iter.hasNext() ) + { + PatternInfo info = (PatternInfo) iter.next(); + if( info == defaultInfo ) + continue; + defaultInfo.addQualifier(info.pattern); + } + + return patternMap; + } + + static class PatternInfo + { + String pattern; + String qpattern; + int type; + boolean hadPermissions; + ArrayList qualifiers = new ArrayList(); + + PatternInfo(String pattern, int type) + { + this.pattern = pattern; + this.type = type; + } + + void addQualifier(String pattern) + { + if( qualifiers.contains(pattern) == false ) + qualifiers.add(pattern); + } + + public String getQualifiedPattern() + { + if( qpattern == null ) + { + StringBuffer tmp = new StringBuffer(pattern); + for(int n = 0; n < qualifiers.size(); n ++) + { + tmp.append(':'); + tmp.append(qualifiers.get(n)); + } + qpattern = tmp.toString(); + } + return qpattern; + } + + public int hashCode() + { + return pattern.hashCode(); + } + + public boolean equals(Object obj) + { + PatternInfo pi = (PatternInfo) obj; + return pattern.equals(pi.pattern); + } + + public boolean matches(PatternInfo other) + { + boolean matches = matches = 
other.pattern.regionMatches(0, pattern, 0, pattern.length()-2); + return matches; + } + + public boolean isExtensionFor(PatternInfo other) + { + int offset = other.pattern.lastIndexOf('.'); + int length = pattern.length() - 1; + boolean isExtensionFor = false; + if( offset > 0 ) + { + isExtensionFor = pattern.regionMatches(1, other.pattern, offset, length); + } + return isExtensionFor; + } + + public String toString() + { + StringBuffer tmp = new StringBuffer("PatternInfo["); + tmp.append("pattern="); + tmp.append(pattern); + tmp.append(",type="); + tmp.append(type); + tmp.append(",qualifiers="); + tmp.append(qualifiers); + tmp.append("]"); + return tmp.toString(); + } + } } |
From: Scott S. <sco...@jb...> - 2005-04-25 06:15:20
User: starksm Date: 05/04/25 02:15:08 Modified: src/main/org/jboss/web WebPermissionMapping.java Log: Update the permission creation to build a proper canonical set of permissions. Revision Changes Path 1.3 +313 -186 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -b -r1.2 -r1.3 --- WebPermissionMapping.java 24 Apr 2005 02:29:48 -0000 1.2 +++ WebPermissionMapping.java 25 Apr 2005 06:15:08 -0000 1.3 @@ -14,6 +14,7 @@ import java.util.Map; import java.util.Set; import java.util.ArrayList; +import java.util.Collection; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; import javax.security.jacc.WebResourcePermission; @@ -30,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ */ public class WebPermissionMapping { 
@@ -58,22 +59,15 @@ { HashMap patternMap = qualifyURLPatterns(metaData); log.debug("Qualified url patterns: "+patternMap); - PatternInfo defaultInfo = (PatternInfo) patternMap.get("/"); Iterator constraints = metaData.getSecurityContraints(); - // The url pattern to http methods for patterns for WebResourcePermission - HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); - // The url pattern to http methods for patterns for WebUserDataPermission - HashMap patternsWithHttpMethodSubsetsWUDP = new HashMap(); while( constraints.hasNext() ) { WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); String transport = wsmd.getTransportGuarantee(); - if( transport != null && transport.equalsIgnoreCase("NONE") ) - transport = null; if( wsmd.isExcluded() || wsmd.isUnchecked() ) { - // Build the permissions for the excluded/unchecked resources + // Process the permissions for the excluded/unchecked resources Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { 
@@ -83,65 +77,20 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - // Get the qualified url pattern PatternInfo info = (PatternInfo) patternMap.get(url); - info.hadPermissions = true; - String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, - httpMethods, wsmd.getTransportGuarantee()); - if( wsmd.isExcluded() ) - { - pc.addToExcludedPolicy(p); - pc.addToExcludedPolicy(p2); - } - else - { - pc.addToUncheckedPolicy(p); - pc.addToUncheckedPolicy(p2); - } - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - /* Only add methods to excluded perms because incomplete - coverage of unchecked perms http method should not exclude - the explicitly stated http methods. For example, a url - pattern /unchecked with explicit https method POST, GET that - as no auth constraint should result in a unchecked permission - that includes all http methods since the logic for incomplete - coverage would add an unchecked permission with the missing - methods: DELETE, PUT, HEAD, OPTIONS, TRACE. However, two - unchecked permissions whose union of http methods covers - all methods does not result in a permission collection - that implies WebResourcePermission("/unchecked, null). So - we leave off the http methods for the explicit unchecked - permission so that an unchecked permission with a null - http methods spec results if appropriate. 
- */ + // Add the excluded methods if( wsmd.isExcluded() ) - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if( wsmd.isExcluded() || transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); + info.addExcludedMethods(httpMethods); } + // Add the transport to methods + info.addTransport(transport, httpMethods); } } } else { - // Build the permission for the resources x roles + // Process the permission for the resources x roles Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { @@ -153,12 +102,8 @@ String url = urlPatterns[n]; // Get the qualified url pattern PatternInfo info = (PatternInfo) patternMap.get(url); - info.hadPermissions = true; - String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, - httpMethods, wsmd.getTransportGuarantee()); Iterator roles = wsmd.getRoles().iterator(); + HashSet mappedRoles = new HashSet(); while( roles.hasNext() ) { String role = (String) roles.next(); 
@@ -169,133 +114,80 @@ while( allRoles.hasNext() ) { role = (String) allRoles.next(); - pc.addToRole(role, p); + mappedRoles.add(role); } } else { - pc.addToRole(role, p); - } - } - pc.addToUncheckedPolicy(p2); - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); + mappedRoles.add(role); } - if( transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); } + info.addRoles(mappedRoles, httpMethods); } } } } - /* Create unchecked permissions. We are required to create an unchecked - permission for every url pattern that is not covered by a every possible - http method. 
- */ - Iterator iter = patternsWithHttpMethodSubsetsWRP.entrySet().iterator(); + // Create the permissions + Iterator iter = patternMap.values().iterator(); while( iter.hasNext() ) { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - if( missingMethods.length > 0 ) - { - // Get the qualified url pattern - PatternInfo info = (PatternInfo) patternMap.get(url); + PatternInfo info = (PatternInfo) iter.next(); String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, missingMethods); - pc.addToUncheckedPolicy(p); - } - else + if( info.isOverriden == true ) { - // The union for this pattern has all methods so remove it - iter.remove(); - } + log.debug("Dropping overriden pattern: "+info); + continue; } - iter = patternsWithHttpMethodSubsetsWUDP.entrySet().iterator(); - while( iter.hasNext() ) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - if( missingMethods.length > 0 ) - { - // Get the qualified url pattern - PatternInfo info = (PatternInfo) patternMap.get(url); - String qurl = info.getQualifiedPattern(); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, missingMethods, null); - pc.addToUncheckedPolicy(p2); + // Create the excluded permissions + String[] httpMethods = info.getExcludedMethods(); + if( httpMethods != null ) + { + // There were excluded security-constraints + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission wudp = new WebUserDataPermission(qurl, + httpMethods, null); + pc.addToExcludedPolicy(wrp); + pc.addToExcludedPolicy(wudp); } - else + + // Create the role permissions + Iterator roles = info.getRoleMethods(); + while( roles.hasNext() ) { - // 
The union for this pattern has all methods so remove it - iter.remove(); - } + Map.Entry roleMethods = (Map.Entry) roles.next(); + String role = (String) roleMethods.getKey(); + HashSet methods = (HashSet) roleMethods.getValue(); + httpMethods = new String[methods.size()]; + methods.toArray(httpMethods); + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + pc.addToRole(role, wrp); } - /* Special handling of the "/" pattern if this was not specified in any - security-constraint element we need to add an a - */ - if( defaultInfo.hadPermissions == false ) + // Create the unchecked permissions + httpMethods = info.getMissingMethods(); + if( httpMethods.length > 0 ) { - String qurl = defaultInfo.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, ""); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, null, null); - pc.addToUncheckedPolicy(p2); + // Create the unchecked permissions WebResourcePermissions + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + pc.addToUncheckedPolicy(wrp); + } - /* 3.1.3.1 Translating security-constraint Elements - ... - A WebResourcePermission and a WebUserDataPermission must be added to - the unchecked policy statements for each url-pattern in the deployment - descriptor and the default pattern, "/", that is not combined by the - webresource-collection elements of the deployment descriptor with every - HTTP method value. The permission objects must be constructed using the - qualified pattern as their name and with actions defined by the subset of - the HTTP methods that do not occur in combination with the pattern.The - resulting permissions must be added to the unchecked policy statements by - calling the addToUncheckedPolicy method on the PolicyConfiguration object. 
- */ - if( patternsWithHttpMethodSubsetsWRP.size() > 0 ) - { - if( patternsWithHttpMethodSubsetsWRP.containsKey("/") == false ) - patternsWithHttpMethodSubsetsWRP.put("/", null); - iter = patternsWithHttpMethodSubsetsWRP.keySet().iterator(); - StringBuffer allURLs = new StringBuffer(); - while( iter.hasNext() ) + // Create the unchecked permissions WebUserDataPermissions + info.getTransportMethods(); + while( roles.hasNext() ) { - String url = (String) iter.next(); - allURLs.append(url); - allURLs.append(':'); - } - allURLs.setLength(allURLs.length()-1); - String all = allURLs.toString(); - WebResourcePermission p = new WebResourcePermission(all, (String) null); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(all, null); - pc.addToUncheckedPolicy(p2); + Map.Entry transportMethods = (Map.Entry) roles.next(); + String transport = (String) transportMethods.getKey(); + HashSet methods = (HashSet) transportMethods.getValue(); + httpMethods = new String[methods.size()]; + methods.toArray(httpMethods); + WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport); + pc.addToUncheckedPolicy(wudp); + } } - patternsWithHttpMethodSubsetsWRP.clear(); - patternsWithHttpMethodSubsetsWUDP.clear(); /* Create WebRoleRefPermissions for all servlet/security-role-refs along with all the cross product of servlets and security-role elements that @@ -342,6 +234,11 @@ } } + /** + * Determine the url-pattern type + * @param urlPattern - the raw url-pattern value + * @return one of EXACT, EXTENSION, PREFIX, DEFAULT + */ static int getPatternType(String urlPattern) { int type = EXACT; 
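Review bot: The loop under `// Create the unchecked permissions WebUserDataPermissions` never runs: the result of `info.getTransportMethods()` is discarded and the `while` tests `roles`, the iterator that the role loop just above has already exhausted. As written, no `WebUserDataPermission` reaches the unchecked policy for any pattern, so the transport guarantees collected through `addTransport` are not reflected in the policy. Assuming `getTransportMethods()` returns an iterator of map entries like `getRoleMethods()` (its definition is outside this hunk), the fix is `Iterator transports = info.getTransportMethods();`, `while( transports.hasNext() )` and `Map.Entry transportMethods = (Map.Entry) transports.next();`. createPermissions begins and ends outside the hunk.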
@@ -354,6 +251,43 @@ return type; } + /** + JACC url pattern Qualified URL Pattern Names. + + The rules for qualifying a URL pattern are dependent on the rules for + determining if one URL pattern matches another as defined in Section 3.1.3.3, + âServlet URL-Pattern Matching Rulesâ, and are described as follows: + - If the pattern is a path prefix pattern, it must be qualified by every + path-prefix pattern in the deployment descriptor matched by and different from + the pattern being qualified. The pattern must also be qualified by every exact + pattern appearing in the deployment descriptor that is matched by the pattern + being qualified. + - If the pattern is an extension pattern, it must be qualified by every + path-prefix pattern appearing in the deployment descriptor and every exact + pattern in the deployment descriptor that is matched by the pattern being + qualified. + - If the pattern is the default pattern, "/", it must be qualified by every + other pattern except the default pattern appearing in the deployment descriptor. + - If the pattern is an exact pattern, its qualified form must not contain any + qualifying patterns. + + URL patterns are qualified by appending to their String representation, a + colon separated representation of the list of patterns that qualify the pattern. + Duplicates must not be included in the list of qualifying patterns, and any + qualifying pattern matched by another qualifying pattern may5 be dropped from + the list. + + Any pattern, qualified by a pattern that matches it, is overridden and made + irrelevant (in the translation) by the qualifying pattern. Specifically, all + extension patterns and the default pattern are made irrelevant by the presence + of the path prefix pattern "/*" in a deployment descriptor. Patterns qualified + by the "/*" pattern violate the URLPatternSpec constraints of + WebResourcePermission and WebUserDataPermission names and must be rejected by + the corresponding permission constructors. 
+ + @param metaData - the web deployment metadata + @return HashMap<String, PatternInfo> + */ static HashMap qualifyURLPatterns(WebMetaData metaData) { ArrayList prefixList = new ArrayList(); @@ -404,21 +338,21 @@ for(int i = 0; i < prefixList.size(); i ++) { PatternInfo info = (PatternInfo) prefixList.get(i); - // Qualify by every other extension + // Qualify by every other prefix pattern matching this pattern for(int j = 0; j < prefixList.size(); j ++) { if( i == j ) continue; PatternInfo other = (PatternInfo) prefixList.get(j); if( info.matches(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } - // Qualify by every matching exact pattern + // Qualify by every exact pattern that is matched by this pattern for(int j = 0; j < exactList.size(); j ++) { PatternInfo other = (PatternInfo) exactList.get(j); if( info.matches(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } } @@ -430,14 +364,17 @@ for(int j = 0; j < prefixList.size(); j ++) { PatternInfo other = (PatternInfo) prefixList.get(j); - info.addQualifier(other.pattern); + { + // Any extension + info.addQualifier(other); + } } // Qualify by every matching exact pattern for(int j = 0; j < exactList.size(); j ++) { PatternInfo other = (PatternInfo) exactList.get(j); if( info.isExtensionFor(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } } 
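Review bot: The Javadoc added above `qualifyURLPatterns` pastes the specification text with its typography intact: the quotation marks around `Servlet URL-Pattern Matching Rules` are non-ASCII characters (they show up garbled here) and `may5 be dropped` carries a footnote number from the original. Non-ASCII bytes in a source comment depend on the compiler's encoding setting, so plain `"` quotes and `may be dropped` are safer. It would also help to name the specification section being quoted, since these rules decide the names of the permissions.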
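Review bot: In the extension-pattern loop the call is now wrapped in a bare block with the comment `// Any extension`, which reads like the remains of a removed condition. Since every path-prefix pattern qualifies an extension pattern unconditionally, the braces can go and the comment can say so: `// Every path-prefix pattern qualifies an extension pattern` followed by `info.addQualifier(other);`. qualifyURLPatterns starts and ends outside this hunk.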
@@ -453,32 +390,205 @@ PatternInfo info = (PatternInfo) iter.next(); if( info == defaultInfo ) continue; - defaultInfo.addQualifier(info.pattern); + defaultInfo.addQualifier(info); } return patternMap; } + /** + * A representation of all security-constraint mappings for a unique + * url-pattern + */ static class PatternInfo { + static final HashMap ALL_TRANSPORTS = new HashMap(); + static + { + ALL_TRANSPORTS.put("NONE", WebSecurityMetaData.ALL_HTTP_METHODS); + } + + /** The raw url-pattern string from the web.xml */ String pattern; + /** The qualified url pattern as determined by qualifyURLPatterns */ String qpattern; - int type; - boolean hadPermissions; + /** The list of qualifying patterns as determined by qualifyURLPatterns */ ArrayList qualifiers = new ArrayList(); + /** One of PREFIX, EXTENSION, DEFAULT, EXACT */ + int type; + /** HashSet<String> Union of all http methods seen in excluded statements */ + HashSet excludedMethods; + /** HashMap<String, HashSet<String>> role to http methods */ + HashMap roles; + /** HashMap<String, HashSet<String>> transport to http methods */ + HashMap transports; + // The url pattern to http methods for patterns for + HashSet allMethods = new HashSet(); + /** Does a qualifying pattern match this pattern and make this pattern + * obsolete? 
+ */ + boolean isOverriden; + /** + * @param pattern - the url-pattern value + * @param type - one of EXACT, EXTENSION, PREFIX, DEFAULT + */ PatternInfo(String pattern, int type) { this.pattern = pattern; this.type = type; } - void addQualifier(String pattern) + /** + * Augment the excluded methods associated with this url + * @param httpMethods + */ + void addExcludedMethods(String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + if( excludedMethods == null ) + excludedMethods = new HashSet(); + excludedMethods.addAll(methods); + allMethods.addAll(methods); + } + /** + * Get the list of excluded http methods + * @return excluded http methods if the exist, null if there were no + * excluded security constraints + */ + public String[] getExcludedMethods() + { + String[] httpMethods = null; + if( excludedMethods != null ) + { + httpMethods = new String[excludedMethods.size()]; + excludedMethods.toArray(httpMethods); + } + return httpMethods; + } + + /** + * Update the role to http methods mapping for this url. 
+ * @param mappedRoles - the role-name values for the auth-constraint + * @param httpMethods - the http-method values for the web-resource-collection + */ + public void addRoles(HashSet mappedRoles, String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + allMethods.addAll(methods); + if( roles == null ) + roles = new HashMap(); + + Iterator iter = mappedRoles.iterator(); + while( iter.hasNext() ) + { + String role = (String) iter.next(); + HashSet roleMethods = (HashSet) roles.get(role); + if( roleMethods == null ) + { + roleMethods = new HashSet(); + roles.put(role, roleMethods); + } + roleMethods.addAll(methods); + } + } + /** + * Get the role to http method mappings + * @return Iterator<Map.Entry<String, HasSet<String>>> for the role + * to http method mappings. + */ + public Iterator getRoleMethods() + { + HashMap tmp = roles; + if( tmp == null ) + tmp = new HashMap(0); + Iterator iter = tmp.entrySet().iterator(); + return iter; + } + + /** + * Update the role to http methods mapping for this url. + * @param transport - the transport-guarantee value + * @param httpMethods - the http-method values for the web-resource-collection + */ + void addTransport(String transport, String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + if( transports == null ) + transports = new HashMap(); + + HashSet transportMethods = (HashSet) transports.get(transport); + if( transportMethods == null ) + { + transportMethods = new HashSet(); + transports.put(transport, transportMethods); + } + transportMethods.addAll(methods); + } + /** + * Get the transport to http method mappings + * @return Iterator<Map.Entry<String, HasSet<String>>> for the transport + * to http method mappings. 
+ */ + public Iterator getTransportMethods() + { + HashMap tmp = transports; + if( tmp == null ) + tmp = ALL_TRANSPORTS; + Iterator iter = tmp.entrySet().iterator(); + return iter; + } + + /** + * Get the list of http methods that were not associated with an excluded + * or role based mapping of this url. + * + * @return the subset of http methods that should be unchecked + */ + public String[] getMissingMethods() + { + String[] httpMethods = {}; + if( allMethods.size() == 0 ) + { + // There were no excluded or role based security-constraints + httpMethods = WebSecurityMetaData.ALL_HTTP_METHOD_NAMES; + } + else + { + httpMethods = WebSecurityMetaData.getMissingHttpMethods(allMethods); + } + return httpMethods; + } + + /** + * Add the qualifying pattern. If info is a prefix pattern that matches + * this pattern, it overrides this pattern and will exclude it from + * inclusion in the policy. + * + * @param info - a url pattern that should qualify this pattern + */ + void addQualifier(PatternInfo info) + { + if( qualifiers.contains(info) == false ) { - if( qualifiers.contains(pattern) == false ) - qualifiers.add(pattern); + // See if this pattern is matched by the qualifier + if( info.type == PREFIX && info.matches(this) ) + isOverriden = true; + qualifiers.add(info); + } } + /** + * Get the url pattern with its qualifications + * @see WebPermissionMapping#qualifyURLPatterns(org.jboss.metadata.WebMetaData) + * @return the qualified form of the url pattern + */ public String getQualifiedPattern() { if( qpattern == null ) @@ -487,7 +597,8 @@ for(int n = 0; n < qualifiers.size(); n ++) { tmp.append(':'); - tmp.append(qualifiers.get(n)); + PatternInfo info = (PatternInfo) qualifiers.get(n); + tmp.append(info.pattern); } qpattern = tmp.toString(); } 
@@ -505,12 +616,25 @@ return pattern.equals(pi.pattern); } + /** + * See if this pattern is matches the other pattern + * @param other - another pattern + * @return true if the other pattern starts with this + * pattern less the "/*", false otherwise + */ public boolean matches(PatternInfo other) { - boolean matches = matches = other.pattern.regionMatches(0, pattern, 0, pattern.length()-2); + int matchLength = pattern.length()-2; + boolean matches = pattern.regionMatches(0, other.pattern, 0, matchLength); return matches; } + /** + * See if this is an extension pattern that matches other + * @param other - another pattern + * @return true if is an extension pattern and other ends with this + * pattern + */ public boolean isExtensionFor(PatternInfo other) { int offset = other.pattern.lastIndexOf('.'); @@ -530,10 +654,13 @@ tmp.append(pattern); tmp.append(",type="); tmp.append(type); + tmp.append(",isOverriden="); + tmp.append(isOverriden); tmp.append(",qualifiers="); tmp.append(qualifiers); tmp.append("]"); return tmp.toString(); } + } } |
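Review bot: `matches` in this hunk compares only the first `pattern.length()-2` characters, so a prefix pattern such as `/a/*` is also treated as matching `/ab/*` or an exact `/abc`, although servlet path-prefix matching stops at a `/` boundary. In `qualifyURLPatterns` this adds qualifiers that the pattern does not actually match, and as far as I know the `WebResourcePermission`/`WebUserDataPermission` constructors may reject such a qualified name, which would presumably abort policy generation for the deployment. I would add a boundary check after the `regionMatches` call, keeping `/*` as match-all: `matches = matches && (matchLength == 0 || other.pattern.length() == matchLength || other.pattern.charAt(matchLength) == '/');`. The Javadoc should also state that the receiver must be a PREFIX pattern, since `length()-2` assumes a trailing `/*`. The same hunk appears again in the second copy of this diff further down the page.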
From: Scott S. <sco...@jb...> - 2005-04-25 06:19:13
|
User: starksm Date: 05/04/25 02:19:02 Modified: src/main/org/jboss/web Tag: Branch_4_0 WebPermissionMapping.java Log: Update the permission creation to build a proper canonical set of permissions. Revision Changes Path No revision No revision 1.1.2.2 +313 -186 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -b -r1.1.2.1 -r1.1.2.2 --- WebPermissionMapping.java 24 Apr 2005 02:06:12 -0000 1.1.2.1 +++ WebPermissionMapping.java 25 Apr 2005 06:19:02 -0000 1.1.2.2 @@ -14,6 +14,7 @@ import java.util.Map; import java.util.Set; import java.util.ArrayList; +import java.util.Collection; import javax.security.jacc.PolicyConfiguration; import javax.security.jacc.PolicyContextException; import javax.security.jacc.WebResourcePermission; @@ -30,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.1.2.1 $ + * @version $Revision: 1.1.2.2 $ */ public class WebPermissionMapping { 
@@ -58,22 +59,15 @@ { HashMap patternMap = qualifyURLPatterns(metaData); log.debug("Qualified url patterns: "+patternMap); - PatternInfo defaultInfo = (PatternInfo) patternMap.get("/"); Iterator constraints = metaData.getSecurityContraints(); - // The url pattern to http methods for patterns for WebResourcePermission - HashMap patternsWithHttpMethodSubsetsWRP = new HashMap(); - // The url pattern to http methods for patterns for WebUserDataPermission - HashMap patternsWithHttpMethodSubsetsWUDP = new HashMap(); while( constraints.hasNext() ) { WebSecurityMetaData wsmd = (WebSecurityMetaData) constraints.next(); String transport = wsmd.getTransportGuarantee(); - if( transport != null && transport.equalsIgnoreCase("NONE") ) - transport = null; if( wsmd.isExcluded() || wsmd.isUnchecked() ) { - // Build the permissions for the excluded/unchecked resources + // Process the permissions for the excluded/unchecked resources Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { 
@@ -83,65 +77,20 @@ for(int n = 0; n < urlPatterns.length; n ++) { String url = urlPatterns[n]; - // Get the qualified url pattern PatternInfo info = (PatternInfo) patternMap.get(url); - info.hadPermissions = true; - String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, - httpMethods, wsmd.getTransportGuarantee()); - if( wsmd.isExcluded() ) - { - pc.addToExcludedPolicy(p); - pc.addToExcludedPolicy(p2); - } - else - { - pc.addToUncheckedPolicy(p); - pc.addToUncheckedPolicy(p2); - } - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - /* Only add methods to excluded perms because incomplete - coverage of unchecked perms http method should not exclude - the explicitly stated http methods. For example, a url - pattern /unchecked with explicit https method POST, GET that - as no auth constraint should result in a unchecked permission - that includes all http methods since the logic for incomplete - coverage would add an unchecked permission with the missing - methods: DELETE, PUT, HEAD, OPTIONS, TRACE. However, two - unchecked permissions whose union of http methods covers - all methods does not result in a permission collection - that implies WebResourcePermission("/unchecked, null). So - we leave off the http methods for the explicit unchecked - permission so that an unchecked permission with a null - http methods spec results if appropriate. 
- */ + // Add the excluded methods if( wsmd.isExcluded() ) - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); - } - if( wsmd.isExcluded() || transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); + info.addExcludedMethods(httpMethods); } + // Add the transport to methods + info.addTransport(transport, httpMethods); } } } else { - // Build the permission for the resources x roles + // Process the permission for the resources x roles Iterator resources = wsmd.getWebResources().values().iterator(); while( resources.hasNext() ) { @@ -153,12 +102,8 @@ String url = urlPatterns[n]; // Get the qualified url pattern PatternInfo info = (PatternInfo) patternMap.get(url); - info.hadPermissions = true; - String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, httpMethods); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, - httpMethods, wsmd.getTransportGuarantee()); Iterator roles = wsmd.getRoles().iterator(); + HashSet mappedRoles = new HashSet(); while( roles.hasNext() ) { String role = (String) roles.next(); 
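Review bot: The role-based branch no longer records the constraint's transport guarantee. This hunk removes the `WebUserDataPermission` built from `wsmd.getTransportGuarantee()`, and in the hunks shown `info.addTransport(transport, httpMethods)` is called only in the excluded/unchecked branch, while the role branch ends with `info.addRoles(mappedRoles, httpMethods)` alone. A security-constraint that combines an auth-constraint with CONFIDENTIAL or INTEGRAL would then leave `PatternInfo.transports` null, and `getTransportMethods()` falls back to `ALL_TRANSPORTS` (NONE for every method). I would add `info.addTransport(transport, httpMethods);` next to the `addRoles` call and cover it with a test that uses a role-protected CONFIDENTIAL url-pattern. The enclosing loop continues into the following hunk.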
@@ -169,133 +114,80 @@ while( allRoles.hasNext() ) { role = (String) allRoles.next(); - pc.addToRole(role, p); + mappedRoles.add(role); } } else { - pc.addToRole(role, p); - } - } - pc.addToUncheckedPolicy(p2); - // Track the incomplete coverage of http methods - if( urlPatterns.length > 0 ) - { - HashSet methodsWRP = (HashSet) patternsWithHttpMethodSubsetsWRP.get(url); - if( methodsWRP == null ) - { - methodsWRP = new HashSet(); - patternsWithHttpMethodSubsetsWRP.put(url, methodsWRP); - } - methodsWRP.addAll(Arrays.asList(httpMethods)); - - HashSet methodsWUDP = (HashSet) patternsWithHttpMethodSubsetsWUDP.get(url); - if( methodsWUDP == null ) - { - methodsWUDP = new HashSet(); - patternsWithHttpMethodSubsetsWUDP.put(url, methodsWUDP); + mappedRoles.add(role); } - if( transport != null ) - methodsWUDP.addAll(Arrays.asList(httpMethods)); } + info.addRoles(mappedRoles, httpMethods); } } } } - /* Create unchecked permissions. We are required to create an unchecked - permission for every url pattern that is not covered by a every possible - http method. 
- */ - Iterator iter = patternsWithHttpMethodSubsetsWRP.entrySet().iterator(); + // Create the permissions + Iterator iter = patternMap.values().iterator(); while( iter.hasNext() ) { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - if( missingMethods.length > 0 ) - { - // Get the qualified url pattern - PatternInfo info = (PatternInfo) patternMap.get(url); + PatternInfo info = (PatternInfo) iter.next(); String qurl = info.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, missingMethods); - pc.addToUncheckedPolicy(p); - } - else + if( info.isOverriden == true ) { - // The union for this pattern has all methods so remove it - iter.remove(); - } + log.debug("Dropping overriden pattern: "+info); + continue; } - iter = patternsWithHttpMethodSubsetsWUDP.entrySet().iterator(); - while( iter.hasNext() ) - { - Map.Entry e = (Map.Entry) iter.next(); - String url = (String) e.getKey(); - HashSet methods = (HashSet) e.getValue(); - String[] missingMethods = WebSecurityMetaData.getMissingHttpMethods(methods); - if( missingMethods.length > 0 ) - { - // Get the qualified url pattern - PatternInfo info = (PatternInfo) patternMap.get(url); - String qurl = info.getQualifiedPattern(); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, missingMethods, null); - pc.addToUncheckedPolicy(p2); + // Create the excluded permissions + String[] httpMethods = info.getExcludedMethods(); + if( httpMethods != null ) + { + // There were excluded security-constraints + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + WebUserDataPermission wudp = new WebUserDataPermission(qurl, + httpMethods, null); + pc.addToExcludedPolicy(wrp); + pc.addToExcludedPolicy(wudp); } - else + + // Create the role permissions + Iterator roles = info.getRoleMethods(); + while( roles.hasNext() ) { - // 
The union for this pattern has all methods so remove it - iter.remove(); - } + Map.Entry roleMethods = (Map.Entry) roles.next(); + String role = (String) roleMethods.getKey(); + HashSet methods = (HashSet) roleMethods.getValue(); + httpMethods = new String[methods.size()]; + methods.toArray(httpMethods); + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + pc.addToRole(role, wrp); } - /* Special handling of the "/" pattern if this was not specified in any - security-constraint element we need to add an a - */ - if( defaultInfo.hadPermissions == false ) + // Create the unchecked permissions + httpMethods = info.getMissingMethods(); + if( httpMethods.length > 0 ) { - String qurl = defaultInfo.getQualifiedPattern(); - WebResourcePermission p = new WebResourcePermission(qurl, ""); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(qurl, null, null); - pc.addToUncheckedPolicy(p2); + // Create the unchecked permissions WebResourcePermissions + WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + pc.addToUncheckedPolicy(wrp); + } - /* 3.1.3.1 Translating security-constraint Elements - ... - A WebResourcePermission and a WebUserDataPermission must be added to - the unchecked policy statements for each url-pattern in the deployment - descriptor and the default pattern, "/", that is not combined by the - webresource-collection elements of the deployment descriptor with every - HTTP method value. The permission objects must be constructed using the - qualified pattern as their name and with actions defined by the subset of - the HTTP methods that do not occur in combination with the pattern.The - resulting permissions must be added to the unchecked policy statements by - calling the addToUncheckedPolicy method on the PolicyConfiguration object. 
- */ - if( patternsWithHttpMethodSubsetsWRP.size() > 0 ) - { - if( patternsWithHttpMethodSubsetsWRP.containsKey("/") == false ) - patternsWithHttpMethodSubsetsWRP.put("/", null); - iter = patternsWithHttpMethodSubsetsWRP.keySet().iterator(); - StringBuffer allURLs = new StringBuffer(); - while( iter.hasNext() ) + // Create the unchecked permissions WebUserDataPermissions + info.getTransportMethods(); + while( roles.hasNext() ) { - String url = (String) iter.next(); - allURLs.append(url); - allURLs.append(':'); - } - allURLs.setLength(allURLs.length()-1); - String all = allURLs.toString(); - WebResourcePermission p = new WebResourcePermission(all, (String) null); - pc.addToUncheckedPolicy(p); - WebUserDataPermission p2 = new WebUserDataPermission(all, null); - pc.addToUncheckedPolicy(p2); + Map.Entry transportMethods = (Map.Entry) roles.next(); + String transport = (String) transportMethods.getKey(); + HashSet methods = (HashSet) transportMethods.getValue(); + httpMethods = new String[methods.size()]; + methods.toArray(httpMethods); + WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport); + pc.addToUncheckedPolicy(wudp); + } } - patternsWithHttpMethodSubsetsWRP.clear(); - patternsWithHttpMethodSubsetsWUDP.clear(); /* Create WebRoleRefPermissions for all servlet/security-role-refs along with all the cross product of servlets and security-role elements that @@ -342,6 +234,11 @@ } } + /** + * Determine the url-pattern type + * @param urlPattern - the raw url-pattern value + * @return one of EXACT, EXTENSION, PREFIX, DEFAULT + */ static int getPatternType(String urlPattern) { int type = EXACT; 
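Review bot: The loop meant to emit the unchecked `WebUserDataPermission`s never runs. `info.getTransportMethods();` discards its result, and the following `while( roles.hasNext() )` tests the `roles` iterator that the role-permission loop just above has already exhausted. As written, no `WebUserDataPermission` reaches the unchecked policy for any pattern, so the transport-guarantee half of the translation is missing; how that behaves at request time depends on the policy provider. Use a dedicated iterator: `Iterator transports = info.getTransportMethods();`, then `while( transports.hasNext() )` and `(Map.Entry) transports.next()`. `createPermissions` starts before this hunk.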
@@ -354,6 +251,43 @@ return type; } + /** + JACC url pattern Qualified URL Pattern Names. + + The rules for qualifying a URL pattern are dependent on the rules for + determining if one URL pattern matches another as defined in Section 3.1.3.3, + âServlet URL-Pattern Matching Rulesâ, and are described as follows: + - If the pattern is a path prefix pattern, it must be qualified by every + path-prefix pattern in the deployment descriptor matched by and different from + the pattern being qualified. The pattern must also be qualified by every exact + pattern appearing in the deployment descriptor that is matched by the pattern + being qualified. + - If the pattern is an extension pattern, it must be qualified by every + path-prefix pattern appearing in the deployment descriptor and every exact + pattern in the deployment descriptor that is matched by the pattern being + qualified. + - If the pattern is the default pattern, "/", it must be qualified by every + other pattern except the default pattern appearing in the deployment descriptor. + - If the pattern is an exact pattern, its qualified form must not contain any + qualifying patterns. + + URL patterns are qualified by appending to their String representation, a + colon separated representation of the list of patterns that qualify the pattern. + Duplicates must not be included in the list of qualifying patterns, and any + qualifying pattern matched by another qualifying pattern may5 be dropped from + the list. + + Any pattern, qualified by a pattern that matches it, is overridden and made + irrelevant (in the translation) by the qualifying pattern. Specifically, all + extension patterns and the default pattern are made irrelevant by the presence + of the path prefix pattern "/*" in a deployment descriptor. Patterns qualified + by the "/*" pattern violate the URLPatternSpec constraints of + WebResourcePermission and WebUserDataPermission names and must be rejected by + the corresponding permission constructors. 
+ + @param metaData - the web deployment metadata + @return HashMap<String, PatternInfo> + */ static HashMap qualifyURLPatterns(WebMetaData metaData) { ArrayList prefixList = new ArrayList(); @@ -404,21 +338,21 @@ for(int i = 0; i < prefixList.size(); i ++) { PatternInfo info = (PatternInfo) prefixList.get(i); - // Qualify by every other extension + // Qualify by every other prefix pattern matching this pattern for(int j = 0; j < prefixList.size(); j ++) { if( i == j ) continue; PatternInfo other = (PatternInfo) prefixList.get(j); if( info.matches(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } - // Qualify by every matching exact pattern + // Qualify by every exact pattern that is matched by this pattern for(int j = 0; j < exactList.size(); j ++) { PatternInfo other = (PatternInfo) exactList.get(j); if( info.matches(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } } @@ -430,14 +364,17 @@ for(int j = 0; j < prefixList.size(); j ++) { PatternInfo other = (PatternInfo) prefixList.get(j); - info.addQualifier(other.pattern); + { + // Any extension + info.addQualifier(other); + } } // Qualify by every matching exact pattern for(int j = 0; j < exactList.size(); j ++) { PatternInfo other = (PatternInfo) exactList.get(j); if( info.isExtensionFor(other) ) - info.addQualifier(other.pattern); + info.addQualifier(other); } } 
@@ -453,32 +390,205 @@ PatternInfo info = (PatternInfo) iter.next(); if( info == defaultInfo ) continue; - defaultInfo.addQualifier(info.pattern); + defaultInfo.addQualifier(info); } return patternMap; } + /** + * A representation of all security-constraint mappings for a unique + * url-pattern + */ static class PatternInfo { + static final HashMap ALL_TRANSPORTS = new HashMap(); + static + { + ALL_TRANSPORTS.put("NONE", WebSecurityMetaData.ALL_HTTP_METHODS); + } + + /** The raw url-pattern string from the web.xml */ String pattern; + /** The qualified url pattern as determined by qualifyURLPatterns */ String qpattern; - int type; - boolean hadPermissions; + /** The list of qualifying patterns as determined by qualifyURLPatterns */ ArrayList qualifiers = new ArrayList(); + /** One of PREFIX, EXTENSION, DEFAULT, EXACT */ + int type; + /** HashSet<String> Union of all http methods seen in excluded statements */ + HashSet excludedMethods; + /** HashMap<String, HashSet<String>> role to http methods */ + HashMap roles; + /** HashMap<String, HashSet<String>> transport to http methods */ + HashMap transports; + // The url pattern to http methods for patterns for + HashSet allMethods = new HashSet(); + /** Does a qualifying pattern match this pattern and make this pattern + * obsolete? 
+ */ + boolean isOverriden; + /** + * @param pattern - the url-pattern value + * @param type - one of EXACT, EXTENSION, PREFIX, DEFAULT + */ PatternInfo(String pattern, int type) { this.pattern = pattern; this.type = type; } - void addQualifier(String pattern) + /** + * Augment the excluded methods associated with this url + * @param httpMethods + */ + void addExcludedMethods(String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + if( excludedMethods == null ) + excludedMethods = new HashSet(); + excludedMethods.addAll(methods); + allMethods.addAll(methods); + } + /** + * Get the list of excluded http methods + * @return excluded http methods if the exist, null if there were no + * excluded security constraints + */ + public String[] getExcludedMethods() + { + String[] httpMethods = null; + if( excludedMethods != null ) + { + httpMethods = new String[excludedMethods.size()]; + excludedMethods.toArray(httpMethods); + } + return httpMethods; + } + + /** + * Update the role to http methods mapping for this url. 
+ * @param mappedRoles - the role-name values for the auth-constraint + * @param httpMethods - the http-method values for the web-resource-collection + */ + public void addRoles(HashSet mappedRoles, String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + allMethods.addAll(methods); + if( roles == null ) + roles = new HashMap(); + + Iterator iter = mappedRoles.iterator(); + while( iter.hasNext() ) + { + String role = (String) iter.next(); + HashSet roleMethods = (HashSet) roles.get(role); + if( roleMethods == null ) + { + roleMethods = new HashSet(); + roles.put(role, roleMethods); + } + roleMethods.addAll(methods); + } + } + /** + * Get the role to http method mappings + * @return Iterator<Map.Entry<String, HasSet<String>>> for the role + * to http method mappings. + */ + public Iterator getRoleMethods() + { + HashMap tmp = roles; + if( tmp == null ) + tmp = new HashMap(0); + Iterator iter = tmp.entrySet().iterator(); + return iter; + } + + /** + * Update the role to http methods mapping for this url. + * @param transport - the transport-guarantee value + * @param httpMethods - the http-method values for the web-resource-collection + */ + void addTransport(String transport, String[] httpMethods) + { + Collection methods = Arrays.asList(httpMethods); + if( methods.size() == 0 ) + methods = WebSecurityMetaData.ALL_HTTP_METHODS; + if( transports == null ) + transports = new HashMap(); + + HashSet transportMethods = (HashSet) transports.get(transport); + if( transportMethods == null ) + { + transportMethods = new HashSet(); + transports.put(transport, transportMethods); + } + transportMethods.addAll(methods); + } + /** + * Get the transport to http method mappings + * @return Iterator<Map.Entry<String, HasSet<String>>> for the transport + * to http method mappings. 
+ */ + public Iterator getTransportMethods() + { + HashMap tmp = transports; + if( tmp == null ) + tmp = ALL_TRANSPORTS; + Iterator iter = tmp.entrySet().iterator(); + return iter; + } + + /** + * Get the list of http methods that were not associated with an excluded + * or role based mapping of this url. + * + * @return the subset of http methods that should be unchecked + */ + public String[] getMissingMethods() + { + String[] httpMethods = {}; + if( allMethods.size() == 0 ) + { + // There were no excluded or role based security-constraints + httpMethods = WebSecurityMetaData.ALL_HTTP_METHOD_NAMES; + } + else + { + httpMethods = WebSecurityMetaData.getMissingHttpMethods(allMethods); + } + return httpMethods; + } + + /** + * Add the qualifying pattern. If info is a prefix pattern that matches + * this pattern, it overrides this pattern and will exclude it from + * inclusion in the policy. + * + * @param info - a url pattern that should qualify this pattern + */ + void addQualifier(PatternInfo info) + { + if( qualifiers.contains(info) == false ) { - if( qualifiers.contains(pattern) == false ) - qualifiers.add(pattern); + // See if this pattern is matched by the qualifier + if( info.type == PREFIX && info.matches(this) ) + isOverriden = true; + qualifiers.add(info); + } } + /** + * Get the url pattern with its qualifications + * @see WebPermissionMapping#qualifyURLPatterns(org.jboss.metadata.WebMetaData) + * @return the qualified form of the url pattern + */ public String getQualifiedPattern() { if( qpattern == null ) @@ -487,7 +597,8 @@ for(int n = 0; n < qualifiers.size(); n ++) { tmp.append(':'); - tmp.append(qualifiers.get(n)); + PatternInfo info = (PatternInfo) qualifiers.get(n); + tmp.append(info.pattern); } qpattern = tmp.toString(); } 
@@ -505,12 +616,25 @@ return pattern.equals(pi.pattern); } + /** + * See if this pattern is matches the other pattern + * @param other - another pattern + * @return true if the other pattern starts with this + * pattern less the "/*", false otherwise + */ public boolean matches(PatternInfo other) { - boolean matches = matches = other.pattern.regionMatches(0, pattern, 0, pattern.length()-2); + int matchLength = pattern.length()-2; + boolean matches = pattern.regionMatches(0, other.pattern, 0, matchLength); return matches; } + /** + * See if this is an extension pattern that matches other + * @param other - another pattern + * @return true if is an extension pattern and other ends with this + * pattern + */ public boolean isExtensionFor(PatternInfo other) { int offset = other.pattern.lastIndexOf('.'); @@ -530,10 +654,13 @@ tmp.append(pattern); tmp.append(",type="); tmp.append(type); + tmp.append(",isOverriden="); + tmp.append(isOverriden); tmp.append(",qualifiers="); tmp.append(qualifiers); tmp.append("]"); return tmp.toString(); } + } } |
From: Adrian B. <adr...@jb...> - 2005-05-18 00:11:09
|
User: adrian Date: 05/05/17 20:10:54 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebDeployer.java Log: Fixes for java5 compilation Revision Changes Path No revision No revision 1.20.2.7 +4 -4 jboss/src/main/org/jboss/web/AbstractWebDeployer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebDeployer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebDeployer.java,v retrieving revision 1.20.2.6 retrieving revision 1.20.2.7 diff -u -b -r1.20.2.6 -r1.20.2.7 --- AbstractWebDeployer.java 22 Apr 2005 21:25:36 -0000 1.20.2.6 +++ AbstractWebDeployer.java 18 May 2005 00:10:54 -0000 1.20.2.7 @@ -138,7 +138,7 @@ extends="org.jboss.deployment.SubDeployerMBean" @author Sco...@jb... -@version $Revision: 1.20.2.6 $ +@version $Revision: 1.20.2.7 $ */ public abstract class AbstractWebDeployer { @@ -602,11 +602,11 @@ protected void linkMessageDestinationRefs(WebMetaData metaData, Context envCtx, DeploymentInfo di) throws NamingException, DeploymentException { - Iterator enum = metaData.getMessageDestinationReferences(); + Iterator i = metaData.getMessageDestinationReferences(); - while (enum.hasNext()) + while (i.hasNext()) { - MessageDestinationRefMetaData ref = (MessageDestinationRefMetaData) enum.next(); + MessageDestinationRefMetaData ref = (MessageDestinationRefMetaData) i.next(); String refName = ref.getRefName(); String jndiName = ref.getJNDIName(); |
From: Bill D. <bde...@jb...> - 2005-06-01 00:30:28
|
User: bdecoste Date: 05/05/31 20:30:01 Modified: src/main/org/jboss/web AbstractWebDeployer.java Log: ejb3 web support Revision Changes Path 1.29 +2 -2 jboss/src/main/org/jboss/web/AbstractWebDeployer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebDeployer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebDeployer.java,v retrieving revision 1.28 retrieving revision 1.29 diff -u -b -r1.28 -r1.29 --- AbstractWebDeployer.java 22 Apr 2005 21:19:12 -0000 1.28 +++ AbstractWebDeployer.java 1 Jun 2005 00:30:01 -0000 1.29 @@ -147,7 +147,7 @@ extends="org.jboss.deployment.SubDeployerMBean" @author Sco...@jb... -@version $Revision: 1.28 $ +@version $Revision: 1.29 $ */ public abstract class AbstractWebDeployer { |
From: Thomas D. <tho...@jb...> - 2005-06-01 18:52:21
|
User: tdiesler Date: 05/06/01 14:51:53 Modified: src/main/org/jboss/web AbstractWebContainer.java Log: Add inlined mbean descriptor to tomcat deployer jboss-service.xml to use the WebServiceInterceptor for tighter integeration with web service deployment. Revision Changes Path 1.91 +2 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.90 retrieving revision 1.91 diff -u -b -r1.90 -r1.91 --- AbstractWebContainer.java 13 Apr 2005 18:24:48 -0000 1.90 +++ AbstractWebContainer.java 1 Jun 2005 18:51:53 -0000 1.91 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.90 $ + @version $Revision: 1.91 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -104,7 +104,7 @@ /** The request attribute name under which the JAAS Subject is store */ private String subjectAttributeName = null; /** The ServiceController used to control web app startup dependencies */ - private ServiceControllerMBean serviceController; + protected ServiceControllerMBean serviceController; public AbstractWebContainer() { |
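Review bot: In the `@@ -104,7 +104,7 @@` hunk the `serviceController` field is widened from `private` to `protected` while staying non-final, so any subclass can reassign the controller reference as well as read it. If subclasses only need to call the controller, keeping the field private and adding `protected ServiceControllerMBean getServiceController() { return serviceController; }` gives the same access without exposing the write side. Where the field is assigned is outside the hunk, so this assumes no subclass has to set it. The same change is made on Branch_4_0 in revision 1.89.4.4.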
From: Adrian B. <adr...@jb...> - 2005-06-15 00:32:50
|
User: adrian Date: 05/06/14 20:32:17 Modified: src/main/org/jboss/web AbstractWebContainer.java Log: Avoid passing null object names to the service controller Revision Changes Path 1.92 +3 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.91 retrieving revision 1.92 diff -u -b -r1.91 -r1.92 --- AbstractWebContainer.java 1 Jun 2005 18:51:53 -0000 1.91 +++ AbstractWebContainer.java 15 Jun 2005 00:32:17 -0000 1.92 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.91 $ + @version $Revision: 1.92 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -388,6 +388,7 @@ ObjectName jmxName = (ObjectName) di.context.get(WEB_MODULE); try { + if (jmxName != null) serviceController.stop(jmxName); } catch (DeploymentException e) |
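Review bot: The added guard `if (jmxName != null)` in the `@@ -388,6 +388,7 @@` hunk has no braces and no else branch, so a deployment whose context lacks a `WEB_MODULE` entry now skips the stop without leaving any trace. Because `diff -b` hides indentation, the patch does not show which statement the `if` governs; braces make that explicit: `if (jmxName != null) { serviceController.stop(jmxName); }`. A debug line for the null case, e.g. `else log.debug("No web module name registered for " + di.shortName);`, would record that the module was never registered. The try block continues outside the hunk, so any later use of `jmxName` there may need the same guard. Branch_4_0 revision 1.89.4.3 carries the identical change.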
From: Adrian B. <adr...@jb...> - 2005-06-15 00:33:21
|
User: adrian Date: 05/06/14 20:32:36 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebContainer.java Log: Avoid passing null object names to the service controller Revision Changes Path No revision No revision 1.89.4.3 +3 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.89.4.2 retrieving revision 1.89.4.3 diff -u -b -r1.89.4.2 -r1.89.4.3 --- AbstractWebContainer.java 3 Apr 2005 07:23:02 -0000 1.89.4.2 +++ AbstractWebContainer.java 15 Jun 2005 00:32:35 -0000 1.89.4.3 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.89.4.2 $ + @version $Revision: 1.89.4.3 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -422,6 +422,7 @@ ObjectName jmxName = (ObjectName) di.context.get(WEB_MODULE); try { + if (jmxName != null) serviceController.stop(jmxName); } catch (DeploymentException e) |
From: Dimitris A. <dim...@jb...> - 2005-06-24 18:08:06
|
User: dimitris Date: 05/06/24 14:07:25 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebContainer.java Log: [JBAS-1785] - introduce the DynamicInterceptor to the tomcat deployer Revision Changes Path No revision No revision 1.89.4.4 +2 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.89.4.3 retrieving revision 1.89.4.4 diff -u -b -r1.89.4.3 -r1.89.4.4 --- AbstractWebContainer.java 15 Jun 2005 00:32:35 -0000 1.89.4.3 +++ AbstractWebContainer.java 24 Jun 2005 18:07:25 -0000 1.89.4.4 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.89.4.3 $ + @version $Revision: 1.89.4.4 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -107,7 +107,7 @@ /** The request attribute name under which the JAAS Subject is store */ private String subjectAttributeName = null; /** The ServiceController used to control web app startup dependencies */ - private ServiceControllerMBean serviceController; + protected ServiceControllerMBean serviceController; public AbstractWebContainer() { |
From: Adrian B. <adr...@jb...> - 2005-07-07 00:13:26
|
User: adrian Date: 05/07/06 20:12:33 Modified: src/main/org/jboss/web AbstractWebContainer.java Log: [JBAS-1877] - file this-is-not.awar is not a war Revision Changes Path 1.93 +2 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.92 retrieving revision 1.93 diff -u -b -r1.92 -r1.93 --- AbstractWebContainer.java 15 Jun 2005 00:32:17 -0000 1.92 +++ AbstractWebContainer.java 7 Jul 2005 00:12:33 -0000 1.93 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.92 $ + @version $Revision: 1.93 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -221,7 +221,7 @@ public boolean accepts(DeploymentInfo sdi) { String warFile = sdi.url.getFile(); - return warFile.endsWith("war") || warFile.endsWith("war/"); + return warFile.endsWith(".war") || warFile.endsWith(".war/"); } public synchronized void init(DeploymentInfo di) |
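Review bot: The suffix test in `accepts` (hunk `@@ -221,7 +221,7 @@`) is applied to `sdi.url.getFile()`, and `URL.getFile()` returns the path plus any query string, so a deployment URL carrying a query would not match `.war` even though its path does. Using the path only, `String warFile = sdi.url.getPath();`, keeps the decision tied to the archive name. The comparison is also case sensitive, so `.WAR` is rejected; if that is intended, a one-line comment saying so would help. Branch_4_0 revision 1.89.4.5 has the same test, and its context comment `// Should be checking for .war and .war/` is satisfied by that change and could be dropped there.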
From: Adrian B. <adr...@jb...> - 2005-07-07 00:41:53
|
User: adrian Date: 05/07/06 20:41:03 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebContainer.java Log: [JBAS-1887] - Don't deploy not.awar as a web application Revision Changes Path No revision No revision 1.89.4.5 +2 -2 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.89.4.4 retrieving revision 1.89.4.5 diff -u -b -r1.89.4.4 -r1.89.4.5 --- AbstractWebContainer.java 24 Jun 2005 18:07:25 -0000 1.89.4.4 +++ AbstractWebContainer.java 7 Jul 2005 00:41:03 -0000 1.89.4.5 @@ -45,7 +45,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.89.4.4 $ + @version $Revision: 1.89.4.5 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport @@ -245,7 +245,7 @@ { String warFile = sdi.url.getFile(); // Should be checking for .war and .war/ - boolean accepts = warFile.endsWith("war") || warFile.endsWith("war/"); + boolean accepts = warFile.endsWith(".war") || warFile.endsWith(".war/"); if ( accepts == false && acceptNonWarDirs == true ) { // Check for a local unpacked directory with a /WEB-INF/web.xml |
From: Thomas D. <tho...@jb...> - 2005-07-23 18:51:59
|
User: tdiesler Date: 05/07/23 14:50:55 Modified: src/main/org/jboss/web AbstractWebContainer.java Log: Add DeploymentInfo.annotationCL that is initialized in the deployment create step from the EJBDeployer, EJB3Deployer, AbstractWebContatiner. EJB3, Tomcat make their respective classloaders availbale too late for the web service layer to read possible JSR181 annotations. This adds support for JSR3 annotated EJB3 endpoints. Revision Changes Path 1.94 +31 -4 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.93 retrieving revision 1.94 diff -u -b -r1.93 -r1.94 --- AbstractWebContainer.java 7 Jul 2005 00:12:33 -0000 1.93 +++ AbstractWebContainer.java 23 Jul 2005 18:50:55 -0000 1.94 @@ -14,10 +14,12 @@ import java.lang.reflect.Method; import java.net.URL; import java.net.URLClassLoader; +import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; +import java.util.List; import java.util.Set; import javax.management.ObjectName; @@ -30,6 +32,7 @@ import org.jboss.mx.loading.LoaderRepositoryFactory.LoaderRepositoryConfig; import org.jboss.mx.util.MBeanProxyExt; import org.jboss.system.ServiceControllerMBean; +import org.jboss.util.file.FilenameSuffixFilter; import org.jboss.util.file.JarUtils; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -45,7 +48,7 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.93 $ + @version $Revision: 1.94 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport 
@@ -227,7 +230,7 @@ public synchronized void init(DeploymentInfo di) throws DeploymentException { - log.debug("Begin init"); + log.debug("Begin init, " + di.shortName); this.server = di.getServer(); try { @@ -298,7 +301,7 @@ if (config != null) di.setRepositoryInfo(config); - // Generate an event for the initialization + // invoke super-class initialization super.init(di); } catch (DeploymentException e) @@ -312,7 +315,7 @@ throw new DeploymentException(e); } - log.debug("End init"); + log.debug("End init, " + di.shortName); } /** Create a WebModule service, register it under the name @@ -325,8 +328,32 @@ */ public void create(DeploymentInfo di) throws DeploymentException { + log.debug("create, " + di.shortName); try { + // initialize the annotations loader + URL loaderURL = (di.localUrl != null ? di.localUrl : di.url); + if (loaderURL.toExternalForm().endsWith("/")) + { + List urlList = new ArrayList(); + urlList.add(new URL(loaderURL + "WEB-INF/classes")); + File libDir = new File(loaderURL + "WEB-INF/lib"); + String[] jarArr = libDir.list(new FilenameSuffixFilter(".jar")); + for (int i = 0; jarArr != null && i < jarArr.length; i++) + { + String urlStr = loaderURL + "WEB-INF/lib/" + jarArr[i]; + urlList.add(new URL(urlStr)); + } + URL[] urlArr = new URL[urlList.size()]; + urlList.toArray(urlArr); + di.annotationsCl = new URLClassLoader(urlArr, di.ucl); + } + else + { + // TODO + log.debug("Annotations class loader not initalized for unexpanded web apps"); + } + AbstractWebDeployer deployer = getDeployer(di); di.context.put(DEPLOYER, deployer); WebMetaData metaData = (WebMetaData) di.metaData; |
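Review bot: In the `create` hunk (`@@ -325,8 +328,32 @@`), `new File(loaderURL + "WEB-INF/lib")` passes a URL string such as `file:/...` to `java.io.File`, which does not parse URLs, so `libDir.list(...)` will most likely return null and no library jar reaches the annotations class loader. Building the directory from the URL's path avoids that: `File libDir = new File(loaderURL.getFile(), "WEB-INF/lib");` (URL-escaped characters in the path still need decoding). `new URL(loaderURL + "WEB-INF/classes")` also lacks the trailing slash that `URLClassLoader` uses to tell a directory from a jar; `"WEB-INF/classes/"` is the directory form. The rest of `create` lies outside the hunk.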
From: Thomas D. <tho...@jb...> - 2005-07-24 07:03:01
|
User: tdiesler Date: 05/07/24 03:01:56 Modified: src/main/org/jboss/web AbstractWebContainer.java Log: Support annotationCL on packed/unpacked deployments Revision Changes Path 1.95 +38 -10 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.94 retrieving revision 1.95 diff -u -b -r1.94 -r1.95 --- AbstractWebContainer.java 23 Jul 2005 18:50:55 -0000 1.94 +++ AbstractWebContainer.java 24 Jul 2005 07:01:56 -0000 1.95 @@ -6,6 +6,8 @@ */ package org.jboss.web; +// $Id: AbstractWebContainer.java,v 1.95 2005/07/24 07:01:56 tdiesler Exp $ + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; @@ -21,6 +23,9 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import java.util.jar.JarInputStream; +import java.util.zip.ZipEntry; + import javax.management.ObjectName; import org.jboss.deployment.DeploymentException; @@ -31,6 +36,7 @@ import org.jboss.mx.loading.LoaderRepositoryFactory; import org.jboss.mx.loading.LoaderRepositoryFactory.LoaderRepositoryConfig; import org.jboss.mx.util.MBeanProxyExt; +import org.jboss.mx.util.ObjectNameFactory; import org.jboss.system.ServiceControllerMBean; import org.jboss.util.file.FilenameSuffixFilter; import org.jboss.util.file.JarUtils; @@ -47,8 +53,8 @@ @author Sco...@jb... @author Chr...@in... - @author Tho...@ar... - @version $Revision: 1.94 $ + @author Tho...@jb... + @version $Revision: 1.95 $ */ public abstract class AbstractWebContainer extends SubDeployerSupport 
@@ -245,13 +251,15 @@ di.watch = di.url; } - // We need to unpack the WAR if it has webservices, because we need + // We need to unpack the WAR if it has webservices.xml, because we need // to manipulate th web.xml before deploying to the web container - boolean hasWebservices = di.localCl.findResource("WEB-INF/webservices.xml") != null; + boolean unpackWebservice = di.localCl.findResource("WEB-INF/webservices.xml") != null; + // With JSR-181 annotated JSE endpoints we need to do it as well even if there is no webservices.xml + unpackWebservice |= server.isRegistered(ObjectNameFactory.create("jboss.ws:service=ServiceEndpointManager")); // Make sure the war is unpacked if unpackWars is true File warFile = new File(di.localUrl.getFile()); - if (warFile.isDirectory() == false && (unpackWars || hasWebservices)) + if (warFile.isDirectory() == false && (unpackWars || unpackWebservice)) { // After findResource we cannot rename the WAR anymore, because // some systems keep an open reference to the file :( @@ -333,11 +341,13 @@ { // initialize the annotations loader URL loaderURL = (di.localUrl != null ? di.localUrl : di.url); - if (loaderURL.toExternalForm().endsWith("/")) + File warFile = new File(di.localUrl.getFile()); + if (warFile.isDirectory()) { List urlList = new ArrayList(); - urlList.add(new URL(loaderURL + "WEB-INF/classes")); - File libDir = new File(loaderURL + "WEB-INF/lib"); + urlList.add(new URL(loaderURL + "WEB-INF/classes/")); + + File libDir = new File(loaderURL + "WEB-INF/lib/"); String[] jarArr = libDir.list(new FilenameSuffixFilter(".jar")); for (int i = 0; jarArr != null && i < jarArr.length; i++) { 
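Review bot: The `unpackWebservice |= server.isRegistered(...)` line in the `@@ -245,13 +251,15 @@` hunk makes the decision depend only on whether the `jboss.ws:service=ServiceEndpointManager` MBean is registered, so once that service is present every packed WAR is unpacked, regardless of `unpackWars` and of whether the archive holds any endpoint. The comment should say so, e.g. `// Unpacks every WAR while the ServiceEndpointManager is registered; the archive is not inspected for annotations`. The object name is also rebuilt on each `init` call; a `private static final ObjectName` constant would do. The `init` method starts and ends outside the hunk.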
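Review bot: `File warFile = new File(di.localUrl.getFile());` in the `@@ -333,11 +341,13 @@` hunk dereferences `di.localUrl` unconditionally, although the line above it still falls back to `di.url` when `di.localUrl` is null; that case now ends in a NullPointerException. Deriving the file from the URL already chosen keeps the two consistent: `File warFile = new File(loaderURL.getFile());`. `new File(loaderURL + "WEB-INF/lib/")` is still given a URL string rather than a file path, so the jar listing probably stays empty; `new File(warFile, "WEB-INF/lib")` would use the directory that was just tested.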
@@ -350,8 +360,26 @@ } else { - // TODO - log.debug("Annotations class loader not initalized for unexpanded web apps"); + List urlList = new ArrayList(); + urlList.add(new URL(warFile + "!WEB-INF/classes")); + + FileInputStream fis = new FileInputStream(warFile); + JarInputStream jin = new JarInputStream(fis); + ZipEntry entry = jin.getNextEntry(); + while (entry != null) + { + String entryName = entry.getName(); + if (entryName.startsWith("WEB-INF/lib")) + { + urlList.add(new URL(warFile + "!" + entryName)); + } + entry = jin.getNextEntry(); + } + jin.close(); + + URL[] urlArr = new URL[urlList.size()]; + urlList.toArray(urlArr); + di.annotationsCl = new URLClassLoader(urlArr, di.ucl); } AbstractWebDeployer deployer = getDeployer(di); |
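Review bot: In the packed-WAR branch (`@@ -350,8 +360,26 @@`), `new URL(warFile + "!WEB-INF/classes")` is built from a plain file path with no protocol, which `java.net.URL` rejects with a MalformedURLException, so this branch appears to fail for every packed WAR. The `JarInputStream` is closed only on the success path, and `startsWith("WEB-INF/lib")` also matches the directory entry and any non-jar file under it, although every matching name from the archive ends up on the class loader's URL list. The version below uses `jar:` URLs, closes the stream in `finally` and keeps only `.jar` entries; whether `URLClassLoader` can load classes from a jar nested inside the WAR should be verified separately. The surrounding `create` method continues outside the hunk.

```java
List urlList = new ArrayList();
String warUrl = "jar:" + warFile.toURL() + "!/";
urlList.add(new URL(warUrl + "WEB-INF/classes/"));

JarInputStream jin = new JarInputStream(new FileInputStream(warFile));
try
{
   ZipEntry entry = jin.getNextEntry();
   while (entry != null)
   {
      String entryName = entry.getName();
      // Only library archives, not the directory entry or other files
      if (entryName.startsWith("WEB-INF/lib/") && entryName.endsWith(".jar"))
      {
         urlList.add(new URL(warUrl + entryName));
      }
      entry = jin.getNextEntry();
   }
}
finally
{
   jin.close();
}
// … unchanged: urlArr construction and di.annotationsCl assignment …
```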
From: Scott S. <sco...@jb...> - 2005-07-29 00:41:45
|
User: starksm Date: 05/07/28 20:40:35 Modified: src/main/org/jboss/web Tag: Branch_4_0 WebPermissionMapping.java Log: Fix the invalid reuse of the roles iterator in the unchecked transport constraints method permission generation. Revision Changes Path No revision No revision 1.1.2.3 +8 -8 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -b -r1.1.2.2 -r1.1.2.3 --- WebPermissionMapping.java 25 Apr 2005 06:19:02 -0000 1.1.2.2 +++ WebPermissionMapping.java 29 Jul 2005 00:40:35 -0000 1.1.2.3 @@ -31,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.1.2.2 $ + * @version $Revision: 1.1.2.3 $ */ public class WebPermissionMapping { 
@@ -166,22 +166,22 @@ } // Create the unchecked permissions - httpMethods = info.getMissingMethods(); - if( httpMethods.length > 0 ) + String[] missingHttpMethods = info.getMissingMethods(); + if( missingHttpMethods.length > 0 ) { // Create the unchecked permissions WebResourcePermissions - WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + WebResourcePermission wrp = new WebResourcePermission(qurl, missingHttpMethods); pc.addToUncheckedPolicy(wrp); } // Create the unchecked permissions WebUserDataPermissions - info.getTransportMethods(); - while( roles.hasNext() ) + Iterator transportContraints = info.getTransportMethods(); + while( transportContraints.hasNext() ) { - Map.Entry transportMethods = (Map.Entry) roles.next(); + Map.Entry transportMethods = (Map.Entry) transportContraints.next(); String transport = (String) transportMethods.getKey(); - HashSet methods = (HashSet) transportMethods.getValue(); + Set methods = (Set) transportMethods.getValue(); httpMethods = new String[methods.size()]; methods.toArray(httpMethods); WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport); |
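Review bot: The transport loop in the `@@ -166,22 +166,22 @@` hunk still assigns into the shared `httpMethods` local (`httpMethods = new String[methods.size()]`), the same kind of variable reuse this commit removes for the iterator and for the missing-methods array. The resulting `WebUserDataPermission` is built under the "unchecked permissions" comment, so a stale array here could widen what is granted without a role check; a loop-local is safer: `String[] transportHttpMethods = (String[]) methods.toArray(new String[methods.size()]);`. The new iterator name is also misspelled; `transportConstraints` reads better. The enclosing method starts and ends outside the hunk, and revision 1.4 on the main branch carries the same lines.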
From: Scott S. <sco...@jb...> - 2005-07-29 00:50:02
|
User: starksm Date: 05/07/28 20:48:54 Modified: src/main/org/jboss/web WebPermissionMapping.java Log: Fix the invalid reuse of the roles iterator in the unchecked transport constraints method permission generation. Revision Changes Path 1.4 +8 -8 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -b -r1.3 -r1.4 --- WebPermissionMapping.java 25 Apr 2005 06:15:08 -0000 1.3 +++ WebPermissionMapping.java 29 Jul 2005 00:48:54 -0000 1.4 @@ -31,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.3 $ + * @version $Revision: 1.4 $ */ public class WebPermissionMapping { 
@@ -166,22 +166,22 @@ } // Create the unchecked permissions - httpMethods = info.getMissingMethods(); - if( httpMethods.length > 0 ) + String[] missingHttpMethods = info.getMissingMethods(); + if( missingHttpMethods.length > 0 ) { // Create the unchecked permissions WebResourcePermissions - WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods); + WebResourcePermission wrp = new WebResourcePermission(qurl, missingHttpMethods); pc.addToUncheckedPolicy(wrp); } // Create the unchecked permissions WebUserDataPermissions - info.getTransportMethods(); - while( roles.hasNext() ) + Iterator transportContraints = info.getTransportMethods(); + while( transportContraints.hasNext() ) { - Map.Entry transportMethods = (Map.Entry) roles.next(); + Map.Entry transportMethods = (Map.Entry) transportContraints.next(); String transport = (String) transportMethods.getKey(); - HashSet methods = (HashSet) transportMethods.getValue(); + Set methods = (Set) transportMethods.getValue(); httpMethods = new String[methods.size()]; methods.toArray(httpMethods); WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport); |
From: Scott S. <sco...@jb...> - 2005-08-01 01:39:08
|
User: starksm Date: 05/07/31 19:15:43 Modified: src/main/org/jboss/web WebPermissionMapping.java Log: fix some bad chars in the comment. Revision Changes Path 1.5 +2 -2 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -b -r1.4 -r1.5 --- WebPermissionMapping.java 29 Jul 2005 00:48:54 -0000 1.4 +++ WebPermissionMapping.java 31 Jul 2005 23:15:43 -0000 1.5 @@ -31,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.4 $ + * @version $Revision: 1.5 $ */ public class WebPermissionMapping { @@ -256,7 +256,7 @@ The rules for qualifying a URL pattern are dependent on the rules for determining if one URL pattern matches another as defined in Section 3.1.3.3, - âServlet URL-Pattern Matching Rulesâ, and are described as follows: + Servlet URL-Pattern Matching Rules, and are described as follows: - If the pattern is a path prefix pattern, it must be qualified by every path-prefix pattern in the deployment descriptor matched by and different from the pattern being qualified. The pattern must also be qualified by every exact |
From: Scott S. <sco...@jb...> - 2005-08-01 21:04:27
|
User: starksm Date: 05/08/01 17:03:12 Modified: src/main/org/jboss/web Tag: Branch_4_0 WebPermissionMapping.java Log: JBAS-2043, the transport/http methods should only be added to the role based patterns. Revision Changes Path No revision No revision 1.1.2.4 +4 -4 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -b -r1.1.2.3 -r1.1.2.4 --- WebPermissionMapping.java 29 Jul 2005 00:40:35 -0000 1.1.2.3 +++ WebPermissionMapping.java 1 Aug 2005 21:03:12 -0000 1.1.2.4 @@ -31,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.1.2.3 $ + * @version $Revision: 1.1.2.4 $ */ public class WebPermissionMapping { @@ -83,8 +83,6 @@ { info.addExcludedMethods(httpMethods); } - // Add the transport to methods - info.addTransport(transport, httpMethods); } } } @@ -123,6 +121,8 @@ } } info.addRoles(mappedRoles, httpMethods); + // Add the transport to methods + info.addTransport(transport, httpMethods); } } } @@ -256,7 +256,7 @@ The rules for qualifying a URL pattern are dependent on the rules for determining if one URL pattern matches another as defined in Section 3.1.3.3, - âServlet URL-Pattern Matching Rulesâ, and are described as follows: + Servlet URL-Pattern Matching Rules, and are described as follows: - If the pattern is a path prefix pattern, it must be qualified by every path-prefix pattern in the deployment descriptor matched by and different from the pattern being qualified. The pattern must also be qualified by every exact |
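Review bot: The moved call keeps only the comment `// Add the transport to methods`, which does not record why it was taken out of the branch that calls `info.addExcludedMethods` (hunk `@@ -83,8 +83,6 @@`) and placed after `info.addRoles(...)` (hunk `@@ -121,6 +121,8 @@`). A comment such as `// JBAS-2043: transport/http methods are tracked only for role based patterns` would keep the rule from being undone later. Nothing in the visible lines shows how a constraint that has a transport guarantee but no roles still ends up with its `WebUserDataPermission`; a deployment-descriptor test for that case would confirm the transport requirement is not lost. Both code paths extend beyond the hunks, and revision 1.6 on the main branch makes the same move.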
From: Scott S. <sco...@jb...> - 2005-08-01 21:04:57
|
User: starksm Date: 05/08/01 17:03:47 Modified: src/main/org/jboss/web WebPermissionMapping.java Log: JBAS-2043, the transport/http methods should only be added to the role based patterns. Revision Changes Path 1.6 +3 -3 jboss/src/main/org/jboss/web/WebPermissionMapping.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebPermissionMapping.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebPermissionMapping.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -b -r1.5 -r1.6 --- WebPermissionMapping.java 31 Jul 2005 23:15:43 -0000 1.5 +++ WebPermissionMapping.java 1 Aug 2005 21:03:47 -0000 1.6 @@ -31,7 +31,7 @@ * permission from a deployment's metadata. * * @author Sco...@jb... - * @version $Revision: 1.5 $ + * @version $Revision: 1.6 $ */ public class WebPermissionMapping { @@ -83,8 +83,6 @@ { info.addExcludedMethods(httpMethods); } - // Add the transport to methods - info.addTransport(transport, httpMethods); } } } @@ -123,6 +121,8 @@ } } info.addRoles(mappedRoles, httpMethods); + // Add the transport to methods + info.addTransport(transport, httpMethods); } } } |
From: Adrian B. <adr...@jb...> - 2005-08-03 21:52:51
|
User: adrian Date: 05/08/03 17:51:37 Modified: src/main/org/jboss/web Tag: Branch_4_0 WebServer.java Log: [JBAS-1782] - Fix remote classloading for archives other than .jar and add test for packed and unpacked sars. Revision Changes Path No revision No revision 1.26.4.7 +2 -2 jboss/src/main/org/jboss/web/WebServer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebServer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebServer.java,v retrieving revision 1.26.4.6 retrieving revision 1.26.4.7 diff -u -b -r1.26.4.6 -r1.26.4.7 --- WebServer.java 3 Aug 2005 19:12:27 -0000 1.26.4.6 +++ WebServer.java 3 Aug 2005 21:51:37 -0000 1.26.4.7 @@ -41,7 +41,7 @@ * It is configured by calling any methods programmatically prior to startup. * @author <a href="mailto:ma...@jb...">Marc Fleury</a> * @author <a href="mailto:Scott.Stark@org.jboss">Scott Stark</a>. - * @version $Revision: 1.26.4.6 $ + * @version $Revision: 1.26.4.7 $ * @see WebClassLoader */ public class WebServer @@ -379,7 +379,7 @@ } else { - if (clazzUrl.getFile().endsWith(".jar")) + if (clazzUrl.getFile().endsWith("/") == false) { clazzUrl = new URL("jar:" + clazzUrl + "!/" + filePath); } |
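Review bot: The new test `clazzUrl.getFile().endsWith("/") == false` in the `@@ -379,7 +379,7 @@` hunk treats every code-source URL that does not end in a slash as an archive, so a location that is a plain non-archive file, or a directory URL followed by a query string, is also wrapped in a `jar:` URL and only fails later when it is opened. Testing the path rather than the file part, `if (clazzUrl.getPath().endsWith("/") == false)`, removes the query-string case. `filePath` is concatenated into the `jar:` URL unchanged; how it is derived and validated is outside the hunk, and since the log describes this class as serving remote class loading, it is worth confirming there that it can only name entries meant for download. Revision 1.32 on the main branch has the same line.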
From: Adrian B. <adr...@jb...> - 2005-08-03 21:53:02
|
User: adrian Date: 05/08/03 17:51:48 Modified: src/main/org/jboss/web WebServer.java Log: [JBAS-1782] - Fix remote classloading for archives other than .jar and add test for packed and unpacked sars. Revision Changes Path 1.32 +2 -2 jboss/src/main/org/jboss/web/WebServer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: WebServer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/WebServer.java,v retrieving revision 1.31 retrieving revision 1.32 diff -u -b -r1.31 -r1.32 --- WebServer.java 3 Aug 2005 19:12:33 -0000 1.31 +++ WebServer.java 3 Aug 2005 21:51:48 -0000 1.32 @@ -41,7 +41,7 @@ * It is configured by calling any methods programmatically prior to startup. * @author <a href="mailto:ma...@jb...">Marc Fleury</a> * @author <a href="mailto:Scott.Stark@org.jboss">Scott Stark</a>. - * @version $Revision: 1.31 $ + * @version $Revision: 1.32 $ * @see WebClassLoader */ public class WebServer @@ -380,7 +380,7 @@ } else { - if (clazzUrl.getFile().endsWith(".jar")) + if (clazzUrl.getFile().endsWith("/") == false) { clazzUrl = new URL("jar:" + clazzUrl + "!/" + filePath); } |
From: Dimitris A. <dim...@jb...> - 2005-09-11 22:24:39
|
User: dimitris Date: 05/09/11 18:24:36 Modified: src/main/org/jboss/web Tag: Branch_4_0 AbstractWebContainer.java Log: JBAS-2232 - introduce SubDeployerExt/SubDeployerExtMBean for dynamically specifying EnhancedSuffixes in SubDeployers Revision Changes Path No revision No revision 1.89.4.6 +16 -10 jboss/src/main/org/jboss/web/AbstractWebContainer.java (In the diff below, changes in quantity of whitespace are not shown.) Index: AbstractWebContainer.java =================================================================== RCS file: /cvsroot/jboss/jboss/src/main/org/jboss/web/AbstractWebContainer.java,v retrieving revision 1.89.4.5 retrieving revision 1.89.4.6 diff -u -b -r1.89.4.5 -r1.89.4.6 --- AbstractWebContainer.java 7 Jul 2005 00:41:03 -0000 1.89.4.5 +++ AbstractWebContainer.java 11 Sep 2005 22:24:36 -0000 1.89.4.6 @@ -1,5 +1,5 @@ /* - * JBoss, the OpenSource J2EE WebOS + * JBoss, Home of Professional Open Source * * Distributable under LGPL license. * See terms of license at gnu.org. @@ -19,6 +19,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Set; + import javax.management.ObjectName; import org.jboss.deployment.DeploymentException; @@ -45,10 +46,9 @@ @author Sco...@jb... @author Chr...@in... @author Tho...@ar... - @version $Revision: 1.89.4.5 $ + @version $Revision: 1.89.4.6 $ */ -public abstract class AbstractWebContainer - extends SubDeployerSupport +public abstract class AbstractWebContainer extends SubDeployerSupport implements AbstractWebContainerMBean { public static final String DEPLOYER = "org.jboss.web.AbstractWebContainer.deployer"; @@ -89,6 +89,11 @@ public DeploymentInfo getDeploymentInfo(); } + /** The suffixes we accept, along with their relative order */ + private static final String[] DEFAULT_ENHANCED_SUFFIXES = new String[] { + "500:.war" + }; + /** A mapping of deployed warUrl strings to the WebApplication object */ protected HashMap deploymentMap = new HashMap(); /** The parent class loader first model flag */ 
@@ -111,6 +116,7 @@ public AbstractWebContainer() { + setEnhancedSuffixes(DEFAULT_ENHANCED_SUFFIXES); } /** Get the flag indicating if the normal Java2 parent first class loading @@ -243,15 +249,15 @@ public boolean accepts(DeploymentInfo sdi) { - String warFile = sdi.url.getFile(); // Should be checking for .war and .war/ - boolean accepts = warFile.endsWith(".war") || warFile.endsWith(".war/"); - if ( accepts == false && acceptNonWarDirs == true ) + boolean accepts = super.accepts(sdi); + + if (accepts == false && acceptNonWarDirs == true) { // Check for a local unpacked directory with a /WEB-INF/web.xml - if( sdi.url.getProtocol().equalsIgnoreCase("file") ) + if (sdi.url.getProtocol().equalsIgnoreCase("file")) { - File webXml = new File(warFile, "WEB-INF/web.xml"); + File webXml = new File(sdi.url.getFile(), "WEB-INF/web.xml"); accepts = webXml.exists(); } } |
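Review bot: The constructor in the `@@ -111,6 +116,7 @@` hunk passes the shared `DEFAULT_ENHANCED_SUFFIXES` array straight to `setEnhancedSuffixes`; if the setter stores the reference rather than copying it (its body is not visible here), a change made to the array through one instance alters the default for all of them. Passing a copy avoids that: `setEnhancedSuffixes((String[]) DEFAULT_ENHANCED_SUFFIXES.clone());`. Calling an inherited setter from a constructor also runs any subclass override before the subclass is initialised, which deserves a comment if the setter is not final.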
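Review bot: In the `accepts` hunk (`@@ -243,15 +249,15 @@`) the comment `// Should be checking for .war and .war/` is kept although the explicit `.war` test is replaced by `super.accepts(sdi)`, so what counts as a web application now follows the configurable suffix list named in the commit log. The comment should say that, e.g. `// Suffix matching is delegated to the superclass (default "500:.war")`. In the fallback, `new File(sdi.url.getFile(), "WEB-INF/web.xml")` uses the URL's file part as a file-system path; escaped characters such as `%20` are not decoded, so a directory with a space in its name would presumably not be recognised.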