Hi,
I've been refactoring the piece of code I sent last time, and I've got that
now :
- the following method just replaces the
findSecurityConstraints(HttpRequest request, Context context) method in
RealmBase
- there is this static Map cache which caches the fake Constraints
mapped to (URI, http-method) couples to add
- lastly, the matchPattern(String path, String pattern) must be made
public.
It works OK for me, hope it helps
Philippe Leothaud
private static Map cache = new HashMap();
private final static String NULL_CONSTRAINT = "";
/**
* Retrieve from cache or build and return a custom
<code>SecurityConstraint</code> merging all valid
* <code>SecurityConstraint</code>s for the given method and URI, or
<code>null</code>
* if there is no such <code>SecurityConstraint</code>
*
* @param allConstraints : all the <code>SecurityConstraint</code>s defined
in <code>web.xml</code>
* @param req : the request of the User
*
* @return : the custom
<code>SecurityConstraint</code>, wrapped in an array of
* <code>SecurityConstraint</code>s
(to not break AuthenticatorBase and RealmBase API)
*/
public SecurityConstraint[] findSecurityConstraints(HttpRequest request,
Context context) {
// Get allConstraints Context
SecurityConstraint allConstraints[] = context.findConstraints();
if ((allConstraints == null) || (allConstraints.length == 0)) {
if (log.isDebugEnabled())
log.debug(" No applicable constraints defined");
return (null);
}
// Get URI and method from request
HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
String requestURI = request.getDecodedRequestURI();
String contextPath = hreq.getContextPath();
if (contextPath.length() > 0)
requestURI = requestURI.substring(contextPath.length());
String method = hreq.getMethod();
if ((allConstraints == null) || (allConstraints.length == 0)) {
if (log.isDebugEnabled())
log.debug(" No applicable constraints defined");
return (null);
}
// Did we already do the job ?
Object cached = cache.get(requestURI + "::" + method);
// No : let's work a bit
if(cached == null) {
// Determining valid constraints, checking the constraints' url-patterns
against the given requestURI
Map constraintsAndCollections = null;
String bestMatch = "";
for (int i = 0; i < allConstraints.length; i++) {
String constraintBestMatch = "";
SecurityCollection[] collections = allConstraints[i].findCollections();
for (int j = 0; j < collections.length; j++) {
String patterns[] = collections[j].findPatterns();
for (int k = 0; k < patterns.length; k++)
if (allConstraints[i].matchPattern(requestURI, patterns[k])
&& patterns[k].length() > bestMatch.length())
bestMatch = patterns[k];
}
if (constraintBestMatch.length() > bestMatch.length())
bestMatch = constraintBestMatch;
}
for (int i = 0; i < allConstraints.length; i++) {
SecurityCollection[] collections = allConstraints[i].findCollections();
List matchingWebCollections = null;
for (int j = 0; j < collections.length; j++) {
String patterns[] = collections[j].findPatterns();
for (int k = 0; k < patterns.length; k++) {
if (bestMatch.equals(patterns[k])) {
if(matchingWebCollections == null)
matchingWebCollections = new ArrayList();
matchingWebCollections.add(collections[j]);
break;
}
}
}
if (matchingWebCollections != null) {
if (constraintsAndCollections == null)
constraintsAndCollections = new HashMap();
constraintsAndCollections.put(allConstraints[i],
matchingWebCollections);
}
}
if (constraintsAndCollections == null) {
cache.put(requestURI + "::" + method, NULL_CONSTRAINT);
return null;
}
// Determining valid constraints, checking the constraints' constrained
methods against the given method
Set matchingConstraints = constraintsAndCollections.keySet();
Iterator matchingConstraintsIterator = matchingConstraints.iterator();
while (matchingConstraintsIterator.hasNext()) {
SecurityConstraint constraint = (SecurityConstraint)
matchingConstraintsIterator.next();
List matchingWebCollections = (List)
constraintsAndCollections.get(constraint);
Iterator matchingWebCollectionsIterator =
matchingWebCollections.iterator();
boolean methodIsProtected = false;
while (matchingWebCollectionsIterator.hasNext()) {
SecurityCollection collection = (SecurityCollection)
matchingWebCollectionsIterator.next();
String[] constrainedMethods = collection.findMethods();
if (constrainedMethods == null || constrainedMethods.length == 0) {
methodIsProtected = true;
break;
}
for (int i = 0; i < constrainedMethods.length; i++) {
if (method.equals(constrainedMethods[i])) {
methodIsProtected = true;
break;
}
}
if (methodIsProtected)
break;
}
if (!methodIsProtected)
matchingConstraintsIterator.remove();
}
if (matchingConstraints.size() == 0) {
cache.put(requestURI + "::" + method, NULL_CONSTRAINT);
return null;
}
// Determining the global userConstraints
SecurityConstraint mergedSecurityConstraint = new SecurityConstraint();
mergedSecurityConstraint.setUserConstraint("INTEGRAL");
Iterator iter = matchingConstraints.iterator();
while (iter.hasNext()) {
SecurityConstraint constraint = (SecurityConstraint) iter.next();
String userConstraint = constraint.getUserConstraint();
if (userConstraint == null || userConstraint.equals("NONE")) {
mergedSecurityConstraint.setUserConstraint("NONE");
break;
} else if (userConstraint.equals("CONFIDENTIAL")) {
mergedSecurityConstraint.setUserConstraint("CONFIDENTIAL");
}
}
// Determining the global authConstraints
Iterator iter2 = matchingConstraints.iterator();
while (iter2.hasNext()) {
SecurityConstraint constraint = (SecurityConstraint) iter2.next();
mergedSecurityConstraint.setAuthConstraint(true);
String[] groups = new String[0];
if (constraint.getAuthConstraint()) {
String[] roleNames = constraint.findAuthRoles();
if (roleNames == null || roleNames.length == 0) {
mergedSecurityConstraint.setAuthConstraint(true);
String[] attributedRoles = mergedSecurityConstraint.findAuthRoles();
for (int nbRoles = 0; nbRoles < attributedRoles.length; nbRoles++) {
mergedSecurityConstraint.removeAuthRole(attributedRoles[nbRoles]);
}
break;
} else {
if (!mergedSecurityConstraint.getAuthConstraint() ||
mergedSecurityConstraint.getAllRoles())
continue;
mergedSecurityConstraint.setAuthConstraint(true);
if (constraint.getAllRoles()) {
mergedSecurityConstraint.addAuthRole("*");
continue;
}
for (int j = 0; j < roleNames.length; j++) {
String roleName = roleNames[j];
for (int k = 0; k < groups.length; k++)
if (roleName.equals(groups[k]))
break;
mergedSecurityConstraint.addAuthRole(roleNames[j]);
}
}
} else
mergedSecurityConstraint.setAuthConstraint(false);
}
// build a fake SecurityCollection encapsulated in the global
mergedSecurityConstraint
SecurityCollection fakeCollection = new SecurityCollection(requestURI +
"::" + method);
fakeCollection.addMethod(method);
fakeCollection.addPattern(requestURI);
mergedSecurityConstraint.setDisplayName(requestURI + "::" + method);
mergedSecurityConstraint.addCollection(fakeCollection);
// map the mergedSecurityConstraint to the (URI, method) and cache
cache.put(requestURI + "::" + method, mergedSecurityConstraint);
return new SecurityConstraint[] { mergedSecurityConstraint };
}
else if (cached.equals(NULL_CONSTRAINT)) {
return null;
}
else {
return new SecurityConstraint[] { (SecurityConstraint) cached };
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
