craigmcc 02/04/04 12:30:34 Modified: catalina/src/share/org/apache/catalina/core StandardContext.java catalina/src/share/org/apache/catalina/startup ContextConfig.java LocalStrings.properties webapps/admin/WEB-INF web.xml webapps/examples/WEB-INF web.xml webapps/manager/WEB-INF web.xml Log: When parsing web.xml files, log warnings if a security role name is used in a <run-as>, <security-role-ref>, or <auth-constraint> element without also being defined in a <security-role> element. For backwards compatibility these are not considered fatal, although it is likely that they will be fatal in Servlet 2.4. Modify the web.xml files for packaged applications (admin, examples, and manager) so that they properly define the security roles that they use. Revision Changes Path 1.103 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java Index: StandardContext.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- StandardContext.java 14 Mar 2002 21:41:35 -0000 1.102 +++ StandardContext.java 4 Apr 2002 20:30:34 -0000 1.103 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java,v 1.102 2002/03/14 21:41:35 remm Exp $ - * $Revision: 1.102 $ - * $Date: 2002/03/14 21:41:35 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java,v 1.103 2002/04/04 20:30:34 craigmcc Exp $ + * $Revision: 1.103 $ + * $Date: 2002/04/04 20:30:34 $ * * ==================================================================== * @@ -147,7 +147,7 @@ * * @author Craig R. McClanahan * @author Remy Maucherat - * @version $Revision: 1.102 $ $Date: 2002/03/14 21:41:35 $ + * @version $Revision: 1.103 $ $Date: 2002/04/04 20:30:34 $ */ public class StandardContext 
@@ -1606,7 +1606,7 @@ String results[] =new String[securityRoles.length + 1]; for (int i = 0; i < securityRoles.length; i++) results[i] = securityRoles[i]; - results[securityRoles.length] = name; + results[securityRoles.length] = role; securityRoles = results; } fireContainerEvent("addSecurityRole", role); 1.61 +51 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/ContextConfig.java Index: ContextConfig.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/ContextConfig.java,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- ContextConfig.java 14 Mar 2002 23:58:35 -0000 1.60 +++ ContextConfig.java 4 Apr 2002 20:30:34 -0000 1.61 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/ContextConfig.java,v 1.60 2002/03/14 23:58:35 craigmcc Exp $ - * $Revision: 1.60 $ - * $Date: 2002/03/14 23:58:35 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/ContextConfig.java,v 1.61 2002/04/04 20:30:34 craigmcc Exp $ + * $Revision: 1.61 $ + * $Date: 2002/04/04 20:30:34 $ * * ==================================================================== * @@ -131,7 +131,7 @@ * of that Context, and the associated defined servlets. * * @author Craig R. McClanahan - * @version $Revision: 1.60 $ $Date: 2002/03/14 23:58:35 $ + * @version $Revision: 1.61 $ $Date: 2002/04/04 20:30:34 $ */ public final class ContextConfig @@ -593,6 +593,9 @@ // Process the default and application web.xml files defaultConfig(); applicationConfig(); + if (ok) { + validateSecurityRoles(); + } // Scan tag library descriptor files for additional listener classes if (ok) { 
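Review bot: `role` is written to `results[securityRoles.length]` with no check visible in this hunk that it is non-null or not already in `securityRoles`. The method starts outside the hunk, so a guard may exist above the copy loop. The new `validateSecurityRoles()` in ContextConfig calls `findSecurityRole()` before each add, but it would still pass a null entry through, and other callers may not check for duplicates at all. If no guard exists, `if (role == null || findSecurityRole(role)) return;` ahead of the array copy would keep null and duplicate entries out of the role list.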
@@ -1049,6 +1052,50 @@ // Return the completed set return (resourcePaths); + + } + + + /** + * Validate the usage of security role names in the web application + * deployment descriptor. If any problems are found, issue warning + * messages (for backwards compatibility) and add the missing roles. + * (To make these problems fatal instead, simply set the <code>ok</code> + * instance variable to <code>false</code> as well). + */ + private void validateSecurityRoles() { + + // Check role names used in <security-constraint> elements + SecurityConstraint constraints[] = context.findConstraints(); + for (int i = 0; i < constraints.length; i++) { + String roles[] = constraints[i].findAuthRoles(); + for (int j = 0; j < roles.length; j++) { + if (!"*".equals(roles[j]) && + !context.findSecurityRole(roles[j])) { + log(sm.getString("contextConfig.role.auth", roles[j])); + context.addSecurityRole(roles[j]); + } + } + } + + // Check role names used in <servlet> elements + Container wrappers[] = context.findChildren(); + for (int i = 0; i < wrappers.length; i++) { + Wrapper wrapper = (Wrapper) wrappers[i]; + String runAs = wrapper.getRunAs(); + if ((runAs != null) && !context.findSecurityRole(runAs)) { + log(sm.getString("contextConfig.role.runas", runAs)); + context.addSecurityRole(runAs); + } + String names[] = wrapper.findSecurityReferences(); + for (int j = 0; j < names.length; j++) { + String link = wrapper.findSecurityReference(names[j]); + if ((link != null) && !context.findSecurityRole(link)) { + log(sm.getString("contextConfig.role.link", link)); + context.addSecurityRole(link); + } + } + } } 1.15 +3 -0 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties Index: LocalStrings.properties =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 
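Review bot: The run-as and role-link warnings in `validateSecurityRoles()` name only the role, not the servlet that referenced it, so the startup log does not show which `<servlet>` entry needs fixing. Passing `wrapper.getName()` as a second argument and adding `{1}` to `contextConfig.role.runas` and `contextConfig.role.link` would close that gap. It matters because the method then calls `context.addSecurityRole(...)`, after which the undeclared name looks the same as a declared role and the log line is the only trace of the descriptor mistake. The Javadoc should state this mutation more prominently, since the method name suggests a read-only check. Separately, the `(Wrapper) wrappers[i]` cast is unchecked; if a Context can ever hold a non-Wrapper child, `if (!(wrappers[i] instanceof Wrapper)) continue;` would stop validation from aborting startup with a ClassCastException.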
--- LocalStrings.properties 14 Mar 2002 23:58:35 -0000 1.14 +++ LocalStrings.properties 4 Apr 2002 20:30:34 -0000 1.15 @@ -17,6 +17,9 @@ contextConfig.defaultParse=Parse error in default web.xml contextConfig.defaultPosition=Occurred at line {0} column {1} contextConfig.missingRealm=No Realm has been configured to authenticate against +contextConfig.role.auth=WARNING: Security role name {0} used in an <auth-constraint> without being defined in a <security-role> +contextConfig.role.link=WARNING: Security role name {0} used in a <role-link> without being defined in a <security-role> +contextConfig.role.runas=WARNING: Security role name {0} used in a <run-as> without being defined in a <security-role> contextConfig.start=ContextConfig: Processing START contextConfig.stop=ContextConfig: Processing STOP contextConfig.tldEntryException=Exception processing TLD {0} in JAR at resource path {1} 1.10 +8 -0 jakarta-tomcat-4.0/webapps/admin/WEB-INF/web.xml Index: web.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/web.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- web.xml 10 Feb 2002 03:14:11 -0000 1.9 +++ web.xml 4 Apr 2002 20:30:34 -0000 1.10 @@ -105,4 +105,12 @@ </form-login-config> </login-config> + <!-- Security roles referenced by this web application --> + <security-role> + <description> + The role that is required to log in to the Administration Application + </description> + <role-name>admin</role-name> + </security-role> + </web-app> 1.21 +8 -0 jakarta-tomcat-4.0/webapps/examples/WEB-INF/web.xml Index: web.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/examples/WEB-INF/web.xml,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- web.xml 9 Sep 2001 04:00:08 -0000 1.20 +++ web.xml 4 Apr 2002 20:30:34 -0000 1.21 
@@ -222,6 +222,14 @@ </form-login-config> </login-config> + <!-- Security roles referenced by this web application --> + <security-role> + <role-name>role1</role-name> + </security-role> + <security-role> + <role-name>tomcat</role-name> + </security-role> + <!-- Environment entry examples --> <!--env-entry> <env-entry-description> 1.4 +8 -0 jakarta-tomcat-4.0/webapps/manager/WEB-INF/web.xml Index: web.xml =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/manager/WEB-INF/web.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- web.xml 27 Aug 2001 20:57:21 -0000 1.3 +++ web.xml 4 Apr 2002 20:30:34 -0000 1.4 @@ -45,4 +45,12 @@ <realm-name>Tomcat Manager Application</realm-name> </login-config> + <!-- Security roles referenced by this web application --> + <security-role> + <description> + The role that is required to log in to the Manager Application + </description> + <role-name>manager</role-name> + </security-role> + </web-app>