#534 JACC fix for defect 1054897

v4.0
closed-fixed
JBossSX (25)
5
2004-11-06
2004-10-27
No

Here is a fix for defect 1054897. The implies methods
in the WebResourcePermission and WebUserDataPermission
classes are modified to check for an empty httpMethods
in addition to a null httpMethods instance variable.
The diffs are listed below and are included in a zip
file. I successfully tested this fix against the
example webapp included in the defect.

--- WebResourcePermissionOld.java 2004-07-19
23:58:43.000000000 -0600
+++ WebResourcePermissionNew.java 2004-10-27
14:31:16.500000000 -0600
@@ -268,7 +268,7 @@
if( implies == true )
{
// Check the http methods
- if( httpMethods != null )
+ if( httpMethods != null && httpMethods.size()
> 0 )
implies =
httpMethods.containsAll(perm.httpMethods);
}

--- WebUserDataPermissionOld.java 2004-07-19
23:59:00.000000000 -0600
+++ WebUserDataPermissionNew.java 2004-10-27
14:31:16.484375000 -0600
@@ -312,7 +312,7 @@
if( implies == true )
{
// Check the http methods
- if( httpMethods != null )
+ if( httpMethods != null && httpMethods.size()
> 0 )
implies =
httpMethods.containsAll(perm.httpMethods);
// Check the transport guarentee
if( implies == true && transportType != null )

Discussion

  • Stephen Kinser

    Stephen Kinser - 2004-10-27

    Detailed differences for the WebResourcePermission and WebUserDataPermission classes.

     
  • Scott M Stark

    Scott M Stark - 2004-10-28
    • assigned_to: nobody --> starksm
     
  • Scott M Stark

    Scott M Stark - 2004-11-06

    Logged In: YES
    user_id=175228

    This has been fixed by nulling the actions set returned from
    canonicalMethods(TreeSet actions) when
    actions.equals(ALL_HTTP_METHODS) || actions.size() == 0

    It will be in the 4.0.1 final release.

     
  • Scott M Stark

    Scott M Stark - 2004-11-06
    • status: open --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks