[jboss-cvs] JBossAS SVN: r59163 - trunk/j2ee/src/main/javax/security/jacc
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Dec 19 17:51:38 EST 2006
Author: anil.saldhana at jboss.com
Date: 2006-12-19 17:51:37 -0500 (Tue, 19 Dec 2006)
New Revision: 59163
Modified:
trunk/j2ee/src/main/javax/security/jacc/WebResourcePermission.java
trunk/j2ee/src/main/javax/security/jacc/WebUserDataPermission.java
Log:
use exclusion list based on jacc 1.1
Modified: trunk/j2ee/src/main/javax/security/jacc/WebResourcePermission.java
===================================================================
--- trunk/j2ee/src/main/javax/security/jacc/WebResourcePermission.java 2006-12-19 21:19:56 UTC (rev 59162)
+++ trunk/j2ee/src/main/javax/security/jacc/WebResourcePermission.java 2006-12-19 22:51:37 UTC (rev 59163)
@@ -45,6 +45,7 @@
*
*
* @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
* @author Ron Monzillo, Gary Ellison (javadoc)
* @version $Revision$
*/
@@ -80,6 +81,8 @@
private transient URLPatternSpec urlSpec;
private transient String httpMethodsString;
private transient TreeSet httpMethods;
+ private transient TreeSet httpExceptionList;
+ private transient String httpExceptionString;
/** Creates a new WebResourcePermission from the HttpServletRequest object.
*
@@ -134,11 +137,11 @@
HTTPMethod ::= "GET" | "POST" | "PUT" | "DELETE" | "HEAD" |
"OPTIONS" | "TRACE"
-
- HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod
+
+ HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList
+ HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod
+ HTTPMethodSpec ::= null | emptyString | HTTPMethodExceptionList | HTTPMethodList
- HTTPMethodSpec ::= null | HTTPMethodList
-
If duplicates occur in the HTTPMethodSpec they must be eliminated by the
permission constructor.
@@ -204,10 +207,17 @@
*/
public boolean equals(Object p)
{
- boolean equals = false;
+ //boolean equals = false;
if( p == null || !(p instanceof WebResourcePermission) )
return false;
WebResourcePermission perm = (WebResourcePermission) p;
+
+ /**
+ * Two permissions p1 and p2 are equivalent if and only if p1.implies(p2)
+ * and p2.implies(p1)
+ */
+ return this.implies(perm) && perm.implies(this);
+ /*
equals = urlSpec.equals(perm.urlSpec);
if( equals == true )
{
@@ -215,7 +225,7 @@
String a1 = perm.getActions();
equals = (a0 != null && a0.equals(a1)) || (a0 == a1);
}
- return equals;
+ return equals;*/
}
/** Returns a canonical String representation of the actions of this
@@ -297,9 +307,11 @@
boolean implies = urlSpec.implies(perm.urlSpec);
if( implies == true )
{
- // Check the http methods
- if( httpMethods != null )
- implies = httpMethods.containsAll(perm.httpMethods);
+ if(httpExceptionList != null)
+ implies = matchExceptionList(httpExceptionList, perm.httpExceptionList);
+ //Check the http methods
+ if( httpMethods != null && perm.httpMethods != null)
+ implies = httpMethods.containsAll(perm.httpMethods);
}
return implies;
@@ -389,9 +401,21 @@
// Private -------------------------------------------------------
private void parseActions(String actions)
{
+ boolean exclusionListNeeded = actions != null && actions.startsWith("!");
+ if(exclusionListNeeded)
+ actions = actions.substring(1);
+
Object[] methodInfo = canonicalMethods(actions);
- this.httpMethods = (TreeSet) methodInfo[0];
- this.httpMethodsString = (String) methodInfo[1];
+ if(exclusionListNeeded)
+ {
+ this.httpExceptionList = (TreeSet) methodInfo[0];
+ this.httpExceptionString = (String) methodInfo[1];
+ }
+ else
+ {
+ this.httpMethods = (TreeSet) methodInfo[0];
+ this.httpMethodsString = (String) methodInfo[1];
+ }
}
private void readObject(ObjectInputStream ois)
@@ -408,5 +432,25 @@
ObjectOutputStream.PutField fields = oos.putFields();
fields.put("actions", this.getActions());
oos.writeFields();
+ }
+
+ static boolean matchExceptionList(TreeSet<String> myExceptionList,
+ TreeSet<String> matchingExceptionList)
+ {
+ boolean bothnull = (myExceptionList == null && matchingExceptionList == null);
+ boolean onenull = (myExceptionList == null && matchingExceptionList != null)
+ || (myExceptionList != null && matchingExceptionList == null);
+
+ if(bothnull)
+ return true;
+ if(onenull)
+ return false;
+
+ for(String httpMethod: matchingExceptionList)
+ {
+ if(myExceptionList.contains(httpMethod))
+ return false;
+ }
+ return true;
}
}
Modified: trunk/j2ee/src/main/javax/security/jacc/WebUserDataPermission.java
===================================================================
--- trunk/j2ee/src/main/javax/security/jacc/WebUserDataPermission.java 2006-12-19 21:19:56 UTC (rev 59162)
+++ trunk/j2ee/src/main/javax/security/jacc/WebUserDataPermission.java 2006-12-19 22:51:37 UTC (rev 59163)
@@ -41,6 +41,7 @@
* @link http://java.sun.com/j2ee/1.4/docs/api/
*
* @author Scott.Stark at jboss.org
+ * @author Anil.Saldhana at jboss.org
* @author Ron Monzillo, Gary Ellison (javadoc)
* @version $Revision$
*/
@@ -69,6 +70,8 @@
private transient String httpMethodsString;
private transient String transportType;
private transient TreeSet httpMethods;
+ private transient TreeSet httpExceptionList;
+ private transient String httpExceptionString;
/** Creates a new WebUserDataPermission from the HttpServletRequest object.
*
@@ -126,8 +129,11 @@
HTTPMethodList ::= HTTPMethod | HTTPMethodList comma HTTPMethod
- HTTPMethodSpec ::= emptyString | HTTPMethodList
+ HTTPMethodExceptionList ::= exclaimationPoint HTTPMethodList
+ HTTPMethodSpec ::= emptyString | HTTPMethodExceptionList |
+ HTTPMethodList
+
transportType ::= "INTEGRAL" | "CONFIDENTIAL" | "NONE"
actions ::= null | HTTPMethodSpec |
@@ -211,18 +217,23 @@
*/
public boolean equals(Object p)
{
- boolean equals = false;
+ //boolean equals = false;
if( p == null || !(p instanceof WebUserDataPermission) )
return false;
WebUserDataPermission perm = (WebUserDataPermission) p;
- equals = urlSpec.equals(perm.urlSpec);
+ /**
+ * Two Permission objects, P1 and P2, are equivalent
+ * if and only if P1.implies(P2) && P2.implies(P1).
+ */
+ return this.implies(perm) && perm.implies(this);
+ /*equals = urlSpec.equals(perm.urlSpec);
if( equals == true )
{
String a0 = getActions();
String a1 = perm.getActions();
equals = (a0 != null && a0.equals(a1)) || (a0 == a1);
}
- return equals;
+ return equals;*/
}
/** Returns a canonical String representation of the actions of this
@@ -337,14 +348,17 @@
boolean implies = urlSpec.implies(perm.urlSpec);
if( implies == true )
{
- // Check the http methods
- if( httpMethods != null )
- implies = httpMethods.containsAll(perm.httpMethods);
+ if(httpExceptionList != null)
+ implies = WebResourcePermission.matchExceptionList(httpExceptionList,
+ perm.httpExceptionList);
+ //Check the http methods
+ if( httpMethods != null && perm.httpMethods != null)
+ implies = httpMethods.containsAll(perm.httpMethods);
// Check the transport guarentee
if( implies == true && transportType != null )
implies = transportType.equals(perm.transportType);
- }
-
+ }
+
return implies;
}
@@ -377,9 +391,19 @@
actions = actions.substring(0, colon);
}
}
+ boolean exceptionListNeeded = actions != null && actions.startsWith("!");
+
Object[] methodInfo = WebResourcePermission.canonicalMethods(actions);
- this.httpMethods = (TreeSet) methodInfo[0];
- this.httpMethodsString = (String) methodInfo[1];
+ if(exceptionListNeeded)
+ {
+ this.httpExceptionList = (TreeSet) methodInfo[0];
+ this.httpExceptionString = (String) methodInfo[1];
+ }
+ else
+ {
+ this.httpMethods = (TreeSet) methodInfo[0];
+ this.httpMethodsString = (String) methodInfo[1];
+ }
}
private void readObject(ObjectInputStream ois)
More information about the jboss-cvs-commits
mailing list