Author: chris.laprun(a)jboss.com Date: 2009-05-16 17:26:07 -0400 (Sat, 16 May 2009) New Revision: 13386 Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/BaseRoleAction.java branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/CreateRoleAction.java branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/EditRoleAction.java branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity.properties branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_fr.properties Log: - JBPORTAL-2391: completed validation of role names and display names. Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/BaseRoleAction.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/BaseRoleAction.java 2009-05-16 21:16:01 UTC (rev 13385) +++ branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/BaseRoleAction.java 2009-05-16 21:26:07 UTC (rev 13386) @@ -23,10 +23,10 @@ package org.jboss.portal.core.identity.ui.actions; +import org.jboss.portal.core.identity.ui.UIRole; +import org.jboss.portal.core.identity.ui.common.IdentityRoleBean; import org.jboss.portal.faces.gui.ManagedBean; import org.jboss.portal.identity.IdentityException; -import org.jboss.portal.core.identity.ui.UIRole; -import org.jboss.portal.core.identity.ui.common.IdentityRoleBean; /** * @author <a href="mailto:chris.laprun@jboss.com">Chris Laprun</a> @@ -34,21 +34,37 @@ */ public class BaseRoleAction extends ManagedBean { - /** .*/ + /** . */ protected UIRole uiRole; - /** .*/ + /** . */ protected IdentityRoleBean identityRoleBean; + protected final PropertyValidator displayNameValidator = new DisplayNameValidator(); + private static final String ROLE_DISPLAY_TYPE = "ROLE_DISPLAY_TYPE"; + private static final String ROLE_TYPE = "ROLE_TYPE"; + protected String getObjectTypeName() { - return "ROLE_TYPE"; + return ROLE_TYPE; } public boolean isAlreadyExisting(String objectName) { + return isAlreadyExisting(objectName, false); + } + + protected boolean isAlreadyExisting(String objectName, boolean isDisplay) + { try { - return identityRoleBean.getRoleModule().findRoleByName(objectName) != null; + if (isDisplay) + { + return identityRoleBean.getRoleModule().findRoleByDisplayName(objectName) != null; + } + else + { + return identityRoleBean.getRoleModule().findRoleByName(objectName) != null; + } } catch (IdentityException e) { @@ -68,6 +84,24 @@ } } + private class DisplayNameValidator implements PropertyValidator + { + public boolean checkForDuplicates() + { + return true; + } + + public String getObjectTypeName() + { + return ROLE_DISPLAY_TYPE; + } + + public boolean isAlreadyExisting(String propertyName) + { + return BaseRoleAction.this.isAlreadyExisting(propertyName, true); + } + } + public UIRole getUiRole() { return uiRole; Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/CreateRoleAction.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/CreateRoleAction.java 2009-05-16 21:16:01 UTC (rev 13385) +++ branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/CreateRoleAction.java 2009-05-16 21:26:07 UTC (rev 13386) @@ -40,8 +40,10 @@ String name = this.uiRole.getName(); String displayName = this.uiRole.getDisplayName(); name = checkNameValidity(name, "create-role-form:rolename"); - displayName = checkNameValidity(displayName, "create-role-form:roledisplayname", false); + // check display name validity for XSS injection but check duplicate separately due to limitation to how ManagedBean works + displayName = checkNameValidity(displayName, "create-role-form:roledisplayname", displayNameValidator); + if (name != null && displayName != null) { try Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/EditRoleAction.java =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/EditRoleAction.java 2009-05-16 21:16:01 UTC (rev 13385) +++ branches/JBoss_Portal_Branch_2_7/core-identity/src/main/org/jboss/portal/core/identity/ui/actions/EditRoleAction.java 2009-05-16 21:26:07 UTC (rev 13386) @@ -23,6 +23,8 @@ package org.jboss.portal.core.identity.ui.actions; import org.jboss.portal.common.text.FastURLDecoder; +import org.jboss.portal.core.identity.ui.UIRole; +import org.jboss.portal.identity.IdentityException; /** * @author <a href="mailto:emuckenh@redhat.com">Emanuel Muckenhuber</a> @@ -54,7 +56,24 @@ public String updateRole() { String roleDisplayName = this.uiRole.getDisplayName(); - roleDisplayName = checkNameValidity(roleDisplayName, "edit-role-link:display-name", false); // do not check for duplicates + + // Check that the new role is different from the old one + try + { + String roleName = uiRole.getName(); + UIRole current = identityRoleBean.getUIRole(roleName); + if (!isOldAndNewDifferent(current.getDisplayName(), roleDisplayName)) + { + // if the new and old display names are the same, just return + return "roleAdmin"; + } + } + catch (IdentityException e) + { + log.error("Couldn't get current role " + roleDisplayName); + } + + roleDisplayName = checkNameValidity(roleDisplayName, "edit-role-link:display-name", displayNameValidator); // display names are unique as well if (roleDisplayName != null) { try @@ -69,5 +88,4 @@ } return null; } - } Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity.properties =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity.properties 2009-05-16 21:16:01 UTC (rev 13385) +++ branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity.properties 2009-05-16 21:26:07 UTC (rev 13386) @@ -177,6 +177,7 @@ IDENTITY_VALIDATION_ERROR_CAPTCHA_INCORRECT=Captcha incorrect ROLE_TYPE=role +ROLE_DISPLAY_TYPE=role display INVALID_NAME_ERROR=''{0}'' is an invalid {1} name: Cannot be null, empty or contain '\\', '<', '>', '(', ')', '=' or '%5c' DUPLICATE_ERROR=A {1} named ''{0}'' already exists! Modified: branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_fr.properties =================================================================== --- branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_fr.properties 2009-05-16 21:16:01 UTC (rev 13385) +++ branches/JBoss_Portal_Branch_2_7/core-identity/src/resources/portal-identity-sar/conf/bundles/Identity_fr.properties 2009-05-16 21:26:07 UTC (rev 13386) @@ -297,5 +297,6 @@ javax.faces.component.UIInput.REQUIRED=Valeur requise ROLE_TYPE=r\u00f4le +ROLE_DISPLAY_TYPE=affichage r\u00f4le DUPLICATE_ERROR=Un {1} nomm\u00e9 ''{0}'' existe d\u00e9j\u00e0! INVALID_NAME_ERROR=''{0}'' est un nom invalide pour un {1} : Ne peut pas \u00eatre null, vide ou contenir '\\', '<', '>', '(', ')', '=' ou '%5c'