Author: markt Date: Tue Dec 29 21:21:59 2009 New Revision: 894483 URL: http://svn.apache.org/viewvc?rev=894483&view=rev Log: Add support for http-method-omission
Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java tomcat/trunk/java/org/apache/catalina/startup/WebXml.java
Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties Tue Dec 29 21:21:59 2009
@@ -115,6 +115,7 @@
 standardContext.reloadingFailed=Reloading this Context failed due to previous errors
 standardContext.reloadingStarted=Reloading Context with path [{0}] has started
 standardContext.resourcesStart=Error starting static Resources
+standardContext.securityConstraint.mixHttpMethod=It is not permitted to mix <http-method> and <http-method-omission> in the same web resource collection
 standardContext.securityConstraint.pattern=Invalid <url-pattern> {0} in security constraint
 standardContext.servletMap.name=Servlet mapping specifies an unknown servlet name {0}
 standardContext.servletMap.pattern=Invalid <url-pattern> {0} in servlet mapping
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=894483&r1=894482&r2=894483&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Tue Dec 29 21:21:59 2009
@@ -2287,6 +2287,11 @@ ("standardContext.securityConstraint.pattern", patterns[j])); } + if (collections[i].findMethods().length > 0 && + collections[i].findOmittedMethods().length > 0) { + throw new IllegalArgumentException(sm.getString( + "standardContext.securityConstraint.mixHttpMethod")); + } } // Add this constraint to the set for our web application Modified: tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java?rev=894483&r1=894482&r2=894483&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java (original) +++ tomcat/trunk/java/org/apache/catalina/deploy/SecurityCollection.java Tue Dec 29 21:21:59 2009 @@ -93,12 +93,17 @@ /** - * The HTTP methods covered by this web resource collection. + * The HTTP methods explicitly covered by this web resource collection. */ private String methods[] = new String[0]; /** + * The HTTP methods explicitly excluded from this web resource collection. + */ + private String omittedMethods[] = new String[0]; + + /** * The name of this web resource collection. */ private String name = null; @@ -161,7 +166,8 @@ /** - * Add an HTTP request method to be part of this web resource collection. + * Add an HTTP request method to be explicitly part of this web resource + * collection. */ public void addMethod(String method) { 
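Review bot: The no-mixing rule is enforced only at this call site, after the url-pattern loop, so it holds only for collections whose contents are final when the constraint is added; the enclosing method begins and ends outside the hunk, so I cannot see whether other paths exist. `SecurityCollection.addMethod` and `addOmittedMethod` (the @@ -177 hunk) accept either list regardless of the other, and `findMethod` (the @@ -203 hunk) then silently lets `methods` win and ignores the omissions. Because this decides which requests a security constraint covers, I would state the precedence in the `findMethod` Javadoc, for example `If both lists are populated, only the explicitly included methods are consulted and the omitted methods are ignored.`, or reject the second list in the two add methods.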
@@ -177,6 +183,20 @@ /** + * Add an HTTP request method to the methods explicitly excluded from this + * web resource collection. + */ + public void addOmittedMethod(String method) { + if (method == null) + return; + String results[] = new String[omittedMethods.length + 1]; + for (int i = 0; i < omittedMethods.length; i++) + results[i] = omittedMethods[i]; + results[omittedMethods.length] = method; + omittedMethods = results; + } + + /** * Add a URL pattern to be part of this web resource collection. */ public void addPattern(String pattern) { @@ -184,12 +204,12 @@ if (pattern == null) return; - pattern = RequestUtil.URLDecode(pattern); + String decodedPattern = RequestUtil.URLDecode(pattern); String results[] = new String[patterns.length + 1]; for (int i = 0; i < patterns.length; i++) { results[i] = patterns[i]; } - results[patterns.length] = pattern; + results[patterns.length] = decodedPattern; patterns = results; } @@ -203,21 +223,29 @@ */ public boolean findMethod(String method) { - if (methods.length == 0) + if (methods.length == 0 && omittedMethods.length == 0) return (true); - for (int i = 0; i < methods.length; i++) { - if (methods[i].equals(method)) - return (true); + if (methods.length > 0) { + for (int i = 0; i < methods.length; i++) { + if (methods[i].equals(method)) + return true; + } + return false; } - return (false); - + if (omittedMethods.length > 0) { + for (int i = 0; i < omittedMethods.length; i++) { + if (omittedMethods[i].equals(method)) + return false; + } + } + return true; } /** * Return the set of HTTP request methods that are part of this web - * resource collection, or a zero-length array if all request methods - * are included. + * resource collection, or a zero-length array if no methods have been + * explicitly included. */ public String[] findMethods() { 
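Review bot: In `findMethod` (the @@ -203 hunk) the opening test `methods.length == 0 && omittedMethods.length == 0` and the later `if (omittedMethods.length > 0)` guard are both redundant: with two empty arrays neither loop matches and control reaches the final `return true` anyway. Dropping them leaves one include branch and one omit loop, which is easier to audit in code that decides whether a constraint applies to a request. The hunk also mixes `return (true);` with `return true;`, so one form should be chosen. The method's Javadoc starts above the hunk, so I cannot tell whether it already mentions omitted methods.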
@@ -227,6 +255,18 @@ /** + * Return the set of HTTP request methods that are explicitly excluded from + * this web resource collection, or a zero-length array if no request + * methods are excluded. + */ + public String[] findOmittedMethods() { + + return (omittedMethods); + + } + + + /** * Is the specified pattern part of this web resource collection? * * @param pattern Pattern to be compared @@ -285,6 +325,36 @@ /** + * Remove the specified HTTP request method from those that are explicitly + * excluded from this web resource collection. + * + * @param method Request method to be removed + */ + public void removeOmittedMethod(String method) { + + if (method == null) + return; + int n = -1; + for (int i = 0; i < omittedMethods.length; i++) { + if (omittedMethods[i].equals(method)) { + n = i; + break; + } + } + if (n >= 0) { + int j = 0; + String results[] = new String[omittedMethods.length - 1]; + for (int i = 0; i < omittedMethods.length; i++) { + if (i != n) + results[j++] = omittedMethods[i]; + } + omittedMethods = results; + } + + } + + + /** * Remove the specified URL pattern from those that are part of this * web resource collection. * Modified: tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java?rev=894483&r1=894482&r2=894483&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/WebRuleSet.java Tue Dec 29 21:21:59 2009 
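Review bot: `findOmittedMethods` returns the internal `omittedMethods` array itself, so any caller can overwrite an entry and change which methods the constraint skips without going through `addOmittedMethod` or `removeOmittedMethod`. The callers visible in this commit only read the array, and this appears to mirror `findMethods` (whose body is outside the hunks), so it may be deliberate. If it is, add a Javadoc sentence such as `The returned array is the live internal array and must not be modified by the caller.`; otherwise return `omittedMethods.clone()`.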
@@ -337,6 +337,8 @@ "org.apache.catalina.deploy.SecurityCollection"); digester.addCallMethod(fullPrefix + "/security-constraint/web-resource-collection/http-method", "addMethod", 0); + digester.addCallMethod(fullPrefix + "/security-constraint/web-resource-collection/http-method-omission", + "addOmittedMethod", 0); digester.addCallMethod(fullPrefix + "/security-constraint/web-resource-collection/url-pattern", "addPattern", 0); digester.addCallMethod(fullPrefix + "/security-constraint/web-resource-collection/web-resource-name", Modified: tomcat/trunk/java/org/apache/catalina/startup/WebXml.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/WebXml.java?rev=894483&r1=894482&r2=894483&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/startup/WebXml.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/WebXml.java Tue Dec 29 21:21:59 2009 @@ -734,6 +734,9 @@ for (String method : collection.findMethods()) { appendElement(sb, INDENT6, "http-method", method); } + for (String method : collection.findOmittedMethods()) { + appendElement(sb, INDENT6, "http-method-omission", method); + } sb.append(" </web-resource-collection>\n"); } if (constraint.findAuthRoles().length > 0) {