Author: remy.maucherat(a)jboss.com
Date: 2009-12-03 09:38:38 -0500 (Thu, 03 Dec 2009)
New Revision: 1314
Modified:
trunk/java/org/apache/catalina/startup/ContextConfig.java
Log:
- I give up for now (I might remove this later) ... Also allow Java method names (at least
for the annotations, I suppose it will be a common mistake).
Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java
===================================================================
--- trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-03 12:04:08 UTC (rev
1313)
+++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2009-12-03 14:38:38 UTC (rev
1314)
@@ -2120,7 +2120,8 @@
{
for (HttpMethodConstraintElement httpMethodConstraint :
httpMethodConstraints)
{
- methodOmissions.add(httpMethodConstraint.getMethodName());
+ String method =
toHttpMethod(httpMethodConstraint.getMethodName());
+ methodOmissions.add(method);
boolean methodPA =
httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.PERMIT);
boolean methodDA =
httpMethodConstraint.getEmptyRoleSemantic().equals(EmptyRoleSemantic.DENY);
boolean methodTP =
httpMethodConstraint.getTransportGuarantee().equals(TransportGuarantee.CONFIDENTIAL);
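Review bot: The normalized name is substituted silently at `String method = toHttpMethod(...)`, so a deployer who wrote a Java-style name such as `doGet` never learns the annotation is non-compliant, and the effective constraint differs from what the source declares. For access-control configuration that divergence should be visible at deployment time. Add a check such as `if (method != null && !method.equals(httpMethodConstraint.getMethodName()))` that emits a warning through the class's existing logging, naming both the declared and the applied value. The enclosing loop and method begin and end outside this hunk.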
@@ -2144,7 +2145,7 @@
constraint.setUserConstraint(org.apache.catalina.realm.Constants.CONFIDENTIAL_TRANSPORT);
}
SecurityCollection collection = new SecurityCollection();
- collection.addMethod(httpMethodConstraint.getMethodName());
+ collection.addMethod(method);
// Determine pattern set
String[] urlPatterns = wrapper.findMappings();
Set<String> servletSecurityPatterns = new
HashSet<String>();
@@ -2207,6 +2208,20 @@
/**
+ * Although this does not comply with the spec, it is likely Java method names
+ * will be used in the annotations. Since it is not possible to validate, this
+ * would be an error that is invisible for the user.
+ * @param method
+ * @return
+ */
+ protected String toHttpMethod(String method) {
+ if (method == null || method.length() < 3 ||
(!method.startsWith("do")))
+ return method;
+ return method.substring(2).toUpperCase();
+ }
+
+
+ /**
* Validate the usage of security role names in the web application
* deployment descriptor. If any problems are found, issue warning
* messages (for backwards compatibility) and add the missing roles.
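Review bot: `toHttpMethod` calls `toUpperCase()` with the JVM default locale, so under a Turkish default locale `doOptions` becomes `OPTİONS` (dotted capital I), which will not match the OPTIONS request method. Because the result feeds `methodOmissions.add(method)` and `collection.addMethod(method)`, that mismatch would change which security constraint covers the method without raising any error. Use `return method.substring(2).toUpperCase(Locale.ENGLISH);`, which needs `java.util.Locale` imported if the file does not already have it. The `startsWith("do")` test also rewrites any extension method token that merely begins with lowercase `do`, so it may be worth restricting it to the known servlet method names. The empty `@param method` and `@return` tags should state that the input is the method name from the annotation and that the result is the upper-cased HTTP method, or the input unchanged when it is null or has no `do` prefix.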