cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

Mon, 19 Apr 2004 13:42:02 -0700 

luehe       2004/04/19 13:42:01

  Modified:    catalina/src/share/org/apache/catalina/realm RealmBase.java
  Log:
  Exempt welcome pages from any security-constraint checks.
  
  The Servlet 2.4 spec does not require this (and there are no CTS tests
  for this), but it seems like a reasonable enhancement. I was told that
  the upcoming maintenance release of the Servlet spec is going to
  clarify this.
  
  If this change is controversial, I'll back it out for the time being,
  until it is backed by the Servlet spec. Please let me know.
  
  Revision  Changes    Path
  1.31      +28 -3     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
  
  Index: RealmBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- RealmBase.java    27 Feb 2004 14:58:45 -0000      1.30
  +++ RealmBase.java    19 Apr 2004 20:42:01 -0000      1.31
  @@ -411,7 +411,12 @@
           // Check each defined security constraint
           HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
           String uri = request.getRequestPathMB().toString();
  -        
  +
  +        // Welcome files are exempted from any security-constraint checks
  +        if (isWelcomeFile(uri, context)) {
  +            return null;
  +        }
  +
           String method = hreq.getMethod();
           int i;
           boolean found = false;
  @@ -582,7 +587,27 @@
           return array;
       }
   
  -    
  +
  +    /*
  +     * Returns true of the given <tt>uri</tt> identifies a welcome file.
  +     *
  +     * @param uri The URI to check against the context's list of welcome files
  +     * @param ctx The web context
  +     * 
  +     * @return true if the given <tt>uri</tt> identifies a welcome file,
  +     * false otherwise
  +     */
  +    private boolean isWelcomeFile(String uri, Context ctx) {
  +
  +        int slash = uri.indexOf('/');
  +        if (slash == 0 && uri.length() > 1) {
  +            return ctx.findWelcomeFile(uri.substring(1));
  +        } else {
  +            return false;
  +        }
  +    }
  +            
  + 
       /**
        * Perform access control based on the specified authorization constraint.
        * Return <code>true</code> if this constraint is satisfied and processing
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to