[jboss-cvs] JBossAS SVN: r58841 - trunk/server/src/main/org/jboss/web

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Dec 4 13:09:45 EST 2006


Author: anil.saldhana at jboss.com
Date: 2006-12-04 13:09:44 -0500 (Mon, 04 Dec 2006)
New Revision: 58841

Modified:
   trunk/server/src/main/org/jboss/web/WebPermissionMapping.java
Log:
merge from JEE_TCK branch -r 57088:HEAD

Modified: trunk/server/src/main/org/jboss/web/WebPermissionMapping.java
===================================================================
--- trunk/server/src/main/org/jboss/web/WebPermissionMapping.java	2006-12-04 18:09:28 UTC (rev 58840)
+++ trunk/server/src/main/org/jboss/web/WebPermissionMapping.java	2006-12-04 18:09:44 UTC (rev 58841)
@@ -47,6 +47,7 @@
  * permission from a deployment's metadata.
  * 
  * @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
  * @version $Revision$
  */
 public class WebPermissionMapping
@@ -148,7 +149,8 @@
       Iterator iter = patternMap.values().iterator();
       while( iter.hasNext() )
       {
-         PatternInfo info = (PatternInfo) iter.next();
+         PatternInfo info = (PatternInfo) iter.next(); 
+         
          String qurl = info.getQualifiedPattern();
          if( info.isOverriden == true )
          {
@@ -166,6 +168,13 @@
                httpMethods, null);
             pc.addToExcludedPolicy(wrp);
             pc.addToExcludedPolicy(wudp);
+            
+            //!(excluded methods)  [JACC 1.1]
+            String excludedString = "!" + getCommaSeparatedString(httpMethods);
+            WebResourcePermission wrp1 = new WebResourcePermission(info.pattern, excludedString);
+            WebUserDataPermission wudp1 = new WebUserDataPermission(info.pattern,excludedString);
+            pc.addToUncheckedPolicy(wrp1);
+            pc.addToUncheckedPolicy(wudp1); 
          }
 
          // Create the role permissions
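Review bot: The new unchecked permissions `wrp1` and `wudp1` are built from `info.pattern`, while the pre-existing permissions in this loop (visible in the later hunks) use the qualified pattern `qurl`. An unqualified prefix pattern in the unchecked policy also implies URLs that belong to a more specific constrained pattern, so this looks like it can leave resources protected by another constraint unchecked for the complementary methods. Unless that is intended, use `new WebResourcePermission(qurl, excludedString)` and `new WebUserDataPermission(qurl, excludedString)`. The same applies to `wrpUnchecked` in the role-permission hunk and to `wudp1`/`wudpNonNull` in the transport hunk. The enclosing `if` block starts outside this hunk.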
@@ -179,16 +188,20 @@
             methods.toArray(httpMethods);
             WebResourcePermission wrp = new WebResourcePermission(qurl, httpMethods);
             pc.addToRole(role, wrp);
+            
+            //JACC 1.1: create !(httpmethods) in unchecked perms
+            WebResourcePermission wrpUnchecked = new WebResourcePermission(info.pattern, 
+                          "!" + getCommaSeparatedString(httpMethods));
+            pc.addToUncheckedPolicy(wrpUnchecked);
          }
 
          // Create the unchecked permissions
-         String[] missingHttpMethods = info.getMissingMethods();
+         String[] missingHttpMethods = info.getMissingMethods(); 
          if( missingHttpMethods.length > 0 )
          {
             // Create the unchecked permissions WebResourcePermissions
             WebResourcePermission wrp = new WebResourcePermission(qurl, missingHttpMethods);
-            pc.addToUncheckedPolicy(wrp);
-
+            pc.addToUncheckedPolicy(wrp);  
          }
 
          // Create the unchecked permissions WebUserDataPermissions
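Review bot: `wrpUnchecked` adds the complement of one role's method list to the unchecked policy, but that complement can contain methods that another role's constraint on the same pattern protects. For example, role A allowed GET and role B allowed POST leaves POST unchecked after role A's iteration. The `info.getMissingMethods()` block right below already derives the methods with no constraint for the whole pattern, so the `!` permission should be computed once per pattern from the union of constrained methods rather than once per role. A regression test with two roles holding different methods on one url-pattern would pin this down. The role loop itself starts outside the hunk, so this is inferred from the visible body.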
@@ -202,6 +215,21 @@
             methods.toArray(httpMethods);
             WebUserDataPermission wudp = new WebUserDataPermission(qurl, httpMethods, transport);
             pc.addToUncheckedPolicy(wudp);
+            
+            //If the transport is "NONE", then add an exlusive WebUserDataPermission
+            //with the url pattern and null
+            if("NONE".equals(transport))
+            {
+               WebUserDataPermission wudp1 = new WebUserDataPermission(info.pattern, null);
+               pc.addToUncheckedPolicy(wudp1);
+            } 
+            else
+            {
+               //JACC 1.1: Transport is CONFIDENTIAL/INTEGRAL, add a !(http methods)
+               WebUserDataPermission wudpNonNull = new WebUserDataPermission(info.pattern, 
+                     "!" + getCommaSeparatedString(httpMethods));
+               pc.addToUncheckedPolicy(wudpNonNull);
+            }
          }
       }
 
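Review bot: In the `"NONE".equals(transport)` branch, `new WebUserDataPermission(info.pattern, null)` has null actions, which under the JACC permission semantics covers every HTTP method over any transport, and it is added to the unchecked policy. If the same pattern also carries a CONFIDENTIAL or INTEGRAL guarantee for other methods, this grant appears to override that guarantee. The `wudp` added just above already covers the methods of the NONE entry, so the extra grant should either be dropped or restricted to methods that have no constraint at all. The transport loop begins outside the hunk, so confirm against the full method.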
@@ -209,14 +237,15 @@
       with all the cross product of servlets and security-role elements that
       are not referenced via a security-role-ref as described in JACC section
       3.1.3.2
-      */
-      Set unreferencedRoles = metaData.getSecurityRoleNames();
+      */ 
       Map servletRoleRefs = metaData.getSecurityRoleRefs();
       Iterator roleRefsIter = servletRoleRefs.keySet().iterator();
       while( roleRefsIter.hasNext() )
       {
          String servletName = (String) roleRefsIter.next();
          ArrayList roleRefs = (ArrayList) servletRoleRefs.get(servletName);
+         //Perform the unreferenced roles processing for every servlet name
+         Set unreferencedRoles = metaData.getSecurityRoleNames();
          for(int n = 0; n < roleRefs.size(); n ++)
          {
             SecurityRoleRefMetaData roleRef = (SecurityRoleRefMetaData) roleRefs.get(n);
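Review bot: `unreferencedRoles` is now fetched inside the servlet loop and then mutated by `unreferencedRoles.remove(roleName)` in the next hunk, so the per-servlet reset only works if `metaData.getSecurityRoleNames()` returns a fresh set on every call. If it returns the metadata's own set, roles removed for one servlet stay removed for the next and the deployment metadata itself is altered, so the later `WebRoleRefPermission` grants would be computed from the wrong role set. A defensive copy makes the intent explicit: `Set unreferencedRoles = new HashSet(metaData.getSecurityRoleNames());` (assuming `java.util.HashSet` is imported, which this diff does not show). The identical call added after the loop in the following hunk has the same dependency.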
@@ -232,7 +261,33 @@
             // Remove the role from the unreferencedRoles
             unreferencedRoles.remove(roleName);
          }
+         
+         //Spec 3.1.3.2: For each servlet element in the deployment descriptor 
+         //a WebRoleRefPermission must be added to each security-role of the 
+         //application whose name does not appear as the rolename 
+         //in a security-role-ref within the servlet element.  
+         Iterator unref = unreferencedRoles.iterator();
+         while(unref.hasNext())
+         {
+            String unrefRole = (String)unref.next();
+            WebRoleRefPermission unrefP = new WebRoleRefPermission(servletName,unrefRole);
+            pc.addToRole(unrefRole, unrefP);
+         }
       }
+
+      Set unreferencedRoles = metaData.getSecurityRoleNames();
+      //JACC 1.1:Spec 3.1.3.2: For each security-role defined in the deployment descriptor, an
+      //additional WebRoleRefPermission must be added to the corresponding role by
+      //calling the addToRole method on the PolicyConfiguration object. The
+      //name of all such permissions must be the empty string, and the actions of each
+      //such permission must be the role-name of the corresponding role.
+      Iterator unreferencedRolesIter = unreferencedRoles.iterator();
+      while(unreferencedRolesIter.hasNext())
+      {
+        String unreferencedRole = (String)unreferencedRolesIter.next();
+        WebRoleRefPermission wrrep = new WebRoleRefPermission("", unreferencedRole);
+        pc.addToRole(unreferencedRole, wrrep); 
+      }
       
       // Now build the cross product of the unreferencedRoles and servlets
       Set servletNames = metaData.getServletNames();
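Review bot: After the loop, `unreferencedRoles` is re-declared as the full role-name set for the empty-name `WebRoleRefPermission`s, yet the pre-existing block that follows is still labelled `Now build the cross product of the unreferencedRoles and servlets`. If that block iterates this variable, it now gives every role a `WebRoleRefPermission` on every servlet, including role names a servlet remaps through a `security-role-ref`, which the per-servlet loop added above is written to exclude. Rename the variable to match its contents, e.g. `Set allRoles = metaData.getSecurityRoleNames();`, and check whether the cross-product block is still needed. Its body is outside the hunk.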
@@ -260,6 +315,20 @@
          pc.addToRole(role, wrrp);  
       } 
    }
+   
+   static String getCommaSeparatedString(String[] str)
+   {
+      int len = str.length; 
+      Arrays.sort(str);
+      
+      StringBuilder buf = new StringBuilder();
+      for(int i = 0; i < len ; i++)
+      {
+         if(i > 0) buf.append(",");
+         buf.append(str[i]);
+      }
+      return buf.toString();
+   }
 
    /**
     * Determine the url-pattern type
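Review bot: `getCommaSeparatedString` sorts the caller's array in place via `Arrays.sort(str)`, so building an actions string silently reorders the `httpMethods` array that callers have already handed to other permission constructors. Sort a copy instead: `String[] sorted = (String[]) str.clone(); Arrays.sort(sorted);`. An empty array returns `""`, which makes every caller's `"!" + ...` collapse to a bare `!`; whether the permission constructors accept that is not visible here, so the empty case deserves an explicit guard or a test. The method also lacks Javadoc; a short one stating that it returns the elements in sorted order joined by commas, and that a null array is not accepted, would help.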
@@ -591,7 +660,7 @@
             httpMethods = WebSecurityMetaData.getMissingHttpMethods(allMethods);
          }
          return httpMethods;
-      }
+      } 
 
       /**
        * Add the qualifying pattern. If info is a prefix pattern that matches
@@ -672,7 +741,7 @@
             isExtensionFor = pattern.regionMatches(1, other.pattern, offset, length);
          }
          return isExtensionFor;
-      }
+      } 
 
       public String toString()
       {



