From 28e8c93bebce53e45c6e7eabdbc01a56099fc296 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 22 Jul 2005 00:20:54 +0000 Subject: [PATCH] Changes to exception handling, and some additional validation of web.xml content. --- .../src/java/acegifier/WebXmlConverter.java | 42 +++++++++++++------ .../acegifier/web/AcegifierController.java | 19 +++++---- .../test/acegifier/WebXmlConverterTests.java | 1 + samples/acegifier/src/test/test-web.xml | 18 -------- .../webapp/WEB-INF/classes/web-to-spring.xsl | 1 + 5 files changed, 42 insertions(+), 39 deletions(-) diff --git a/samples/acegifier/src/java/acegifier/WebXmlConverter.java b/samples/acegifier/src/java/acegifier/WebXmlConverter.java index 5676f5b23b..3f815e8f30 100644 --- a/samples/acegifier/src/java/acegifier/WebXmlConverter.java +++ b/samples/acegifier/src/java/acegifier/WebXmlConverter.java @@ -5,17 +5,16 @@ import org.springframework.util.Assert; import org.dom4j.Document; import org.dom4j.DocumentHelper; import org.dom4j.DocumentException; +import org.dom4j.Node; import org.dom4j.io.SAXReader; import org.dom4j.io.DocumentSource; import org.dom4j.io.DocumentResult; -import javax.xml.transform.Source; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; +import javax.xml.transform.*; import javax.xml.transform.stream.StreamSource; import java.io.IOException; import java.io.InputStream; +import java.util.List; /** * A utility to translate a web.xml file into a set of acegi security spring beans. @@ -47,7 +46,7 @@ public class WebXmlConverter { /** The results of the conversion */ private Document newWebXml, acegiBeansXml; - public WebXmlConverter() throws Exception { + public WebXmlConverter() throws IOException, TransformerConfigurationException { TransformerFactory tf = TransformerFactory.newInstance(); acegiSecurityTransformer = tf.newTransformer(createTransformerSource(WEB_TO_SPRING_XSL_FILE)); @@ -81,15 +80,35 @@ public class WebXmlConverter { /** Set the input as an xml string */ public void setInput(String xml) throws DocumentException { - Document document = DocumentHelper.parseText(xml); + setInput(DocumentHelper.parseText(xml)); + } + + /** Set the input as a stream */ + public void setInput(InputStream in) throws DocumentException { + SAXReader reader = new SAXReader(); + setInput(reader.read(in)); + } + + /** set the input as a dom4j document */ + public void setInput(Document document) throws DocumentException { + validateWebXml(document); xmlSource = new DocumentSource(document); } - /** set the input as an InputStream */ - public void setInput(InputStream xmlIn) throws Exception { - SAXReader reader = new SAXReader(); - Document document = reader.read(xmlIn); - xmlSource = new DocumentSource(document); + /** Checks the web.xml to make sure it contains correct data */ + private void validateWebXml(Document document) throws DocumentException { + Node authMethodNode = + document.selectSingleNode("/web-app/login-config/auth-method"); + if(authMethodNode == null) + throw new DocumentException("login-config and auth-method must be present"); + String authMethod = authMethodNode.getStringValue().toUpperCase(); + if(!authMethod.equals("BASIC") && !authMethod.equals("FORM")) { + throw new DocumentException("unsupported auth-method: " + authMethod); + } + List roles = document.selectNodes("/web-app/security-role"); + if(roles.isEmpty()) { + throw new DocumentException("Each role used must be defined in a security-role element"); + } } public String getAcegiOutputFileName() { @@ -112,5 +131,4 @@ public class WebXmlConverter { public Document getAcegiBeans() { return acegiBeansXml; } - } diff --git a/samples/acegifier/src/java/acegifier/web/AcegifierController.java b/samples/acegifier/src/java/acegifier/web/AcegifierController.java index 2b5db165b9..6403dde9b3 100644 --- a/samples/acegifier/src/java/acegifier/web/AcegifierController.java +++ b/samples/acegifier/src/java/acegifier/web/AcegifierController.java @@ -8,14 +8,15 @@ import org.springframework.beans.factory.support.DefaultListableBeanFactory; import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; import org.springframework.beans.BeansException; import net.sf.acegisecurity.util.InMemoryResource; -import org.xml.sax.SAXParseException; + import org.dom4j.Document; +import org.dom4j.DocumentException; import org.dom4j.io.XMLWriter; import org.dom4j.io.OutputFormat; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.ByteArrayInputStream; +import javax.xml.transform.TransformerException; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.HashMap; @@ -41,20 +42,20 @@ public class AcegifierController extends SimpleFormController { throws Exception { AcegifierForm conversion = (AcegifierForm)command; - ByteArrayInputStream in = new ByteArrayInputStream(conversion.getWebXml().getBytes()); - WebXmlConverter converter = null; + WebXmlConverter converter = new WebXmlConverter(); int nBeans = 0; Document newWebXml = null, acegiBeans = null; try { - converter = new WebXmlConverter(); - converter.setInput(in); + converter.setInput(conversion.getWebXml()); converter.doConversion(); newWebXml = converter.getNewWebXml(); acegiBeans = converter.getAcegiBeans(); nBeans = validateAcegiBeans(conversion, acegiBeans, errors); - } catch (SAXParseException spe) { - errors.rejectValue("webXml","parseFailure","Your Web XML Document failed to parse: " + spe.getMessage()); + } catch (DocumentException de) { + errors.rejectValue("webXml","webXmlDocError","There was a problem with your web.xml: " + de.getMessage()); + } catch (TransformerException te) { + errors.rejectValue("webXml","transFailure","There was an error during the XSL transformation: " + te.getMessage()); } if(errors.hasErrors()) { @@ -85,7 +86,7 @@ public class AcegifierController extends SimpleFormController { * Validates the acegi beans, based on the input form data, and returns the number * of spring beans defined in the document. */ - private int validateAcegiBeans(AcegifierForm conversion, Document beans, Errors errors) throws IOException { + private int validateAcegiBeans(AcegifierForm conversion, Document beans, Errors errors) { DefaultListableBeanFactory bf = createBeanFactory(beans); //TODO: actually do some proper validation! diff --git a/samples/acegifier/src/test/acegifier/WebXmlConverterTests.java b/samples/acegifier/src/test/acegifier/WebXmlConverterTests.java index 00438fea2b..9e1dd27ada 100644 --- a/samples/acegifier/src/test/acegifier/WebXmlConverterTests.java +++ b/samples/acegifier/src/test/acegifier/WebXmlConverterTests.java @@ -64,6 +64,7 @@ public class WebXmlConverterTests extends TestCase { assertNotNull(sef); assertNotNull(sef.getAuthenticationEntryPoint()); FilterSecurityInterceptor fsi = sef.getFilterSecurityInterceptor(); + System.out.println(prettyPrint(converter.getNewWebXml())); System.out.println(prettyPrint(converter.getAcegiBeans())); } diff --git a/samples/acegifier/src/test/test-web.xml b/samples/acegifier/src/test/test-web.xml index a3968585a0..452b2b9b3c 100644 --- a/samples/acegifier/src/test/test-web.xml +++ b/samples/acegifier/src/test/test-web.xml @@ -88,24 +88,6 @@ - - - /acegilogin.jsp* - - - * - - - - - - /* - - - user - - - form diff --git a/samples/acegifier/src/webapp/WEB-INF/classes/web-to-spring.xsl b/samples/acegifier/src/webapp/WEB-INF/classes/web-to-spring.xsl index 0d23ce899b..2a041ebc36 100644 --- a/samples/acegifier/src/webapp/WEB-INF/classes/web-to-spring.xsl +++ b/samples/acegifier/src/webapp/WEB-INF/classes/web-to-spring.xsl @@ -248,6 +248,7 @@ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT + /*=ROLE_ANONYMOUS