Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-09 06:50:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project.

Browse Source
This commit is contained in:
Luke Taylor 2007-09-10 23:09:36 +00:00
parent 6eb17c8546
commit 448e8cfb42
5 changed files with 25 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/pom.xml
View File

@ -77,11 +77,6 @@
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
<version>1.3</version> <version>1.3</version>
</dependency> </dependency>
<dependency>
<groupId>oro</groupId>
<artifactId>oro</artifactId>
<version>2.0.8</version>
</dependency>
<dependency> <dependency>
<groupId>commons-collections</groupId> <groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId> <artifactId>commons-collections</artifactId>

32
core/src/main/java/org/acegisecurity/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
View File

@ -20,17 +20,13 @@ import org.acegisecurity.ConfigAttributeDefinition;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.oro.text.regex.MalformedPatternException;
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.PatternMatcher;
import org.apache.oro.text.regex.Perl5Compiler;
import org.apache.oro.text.regex.Perl5Matcher;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.Vector; import java.util.Vector;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
/** /**
@ -57,21 +53,13 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public void addSecureUrl(String perl5RegExp, ConfigAttributeDefinition attr) { public void addSecureUrl(String regExp, ConfigAttributeDefinition attr) {
Pattern compiledPattern; Pattern pattern = Pattern.compile(regExp);
Perl5Compiler compiler = new Perl5Compiler();
try { requestMap.add(new EntryHolder(pattern, attr));
compiledPattern = compiler.compile(perl5RegExp, Perl5Compiler.READ_ONLY_MASK);
} catch (MalformedPatternException mpe) {
throw new IllegalArgumentException("Malformed regular expression: " + perl5RegExp);
}
requestMap.add(new EntryHolder(compiledPattern, attr));
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Added regular expression: " + compiledPattern.getPattern().toString() + "; attributes: " logger.debug("Added regular expression: " + regExp + "; attributes: " + attr);
+ attr);
} }
} }
@ -96,8 +84,6 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
} }
public ConfigAttributeDefinition lookupAttributes(String url) { public ConfigAttributeDefinition lookupAttributes(String url) {
PatternMatcher matcher = new Perl5Matcher();
Iterator iter = requestMap.iterator(); Iterator iter = requestMap.iterator();
if (isConvertUrlToLowercaseBeforeComparison()) { if (isConvertUrlToLowercaseBeforeComparison()) {
@ -111,10 +97,12 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
while (iter.hasNext()) { while (iter.hasNext()) {
EntryHolder entryHolder = (EntryHolder) iter.next(); EntryHolder entryHolder = (EntryHolder) iter.next();
boolean matched = matcher.matches(url, entryHolder.getCompiledPattern()); Matcher matcher = entryHolder.getCompiledPattern().matcher(url);
boolean matched = matcher.matches();
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Candidate is: '" + url + "'; pattern is " + entryHolder.getCompiledPattern().getPattern() logger.debug("Candidate is: '" + url + "'; pattern is " + entryHolder.getCompiledPattern()
+ "; matched=" + matched); + "; matched=" + matched);
} }

30
core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
View File

@ -28,13 +28,6 @@ import org.acegisecurity.userdetails.UserDetailsService;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.oro.text.regex.MalformedPatternException;
import org.apache.oro.text.regex.MatchResult;
import org.apache.oro.text.regex.Pattern;
import org.apache.oro.text.regex.PatternMatcher;
import org.apache.oro.text.regex.Perl5Compiler;
import org.apache.oro.text.regex.Perl5Matcher;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -44,6 +37,9 @@ import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.regex.MatchResult;
/** /**
@ -70,32 +66,24 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In
Assert.notNull(userDetailsService, "An authenticationDao must be set"); Assert.notNull(userDetailsService, "An authenticationDao must be set");
Assert.notNull(this.messages, "A message source must be set"); Assert.notNull(this.messages, "A message source must be set");
Perl5Compiler compiler = new Perl5Compiler(); subjectDNPattern = Pattern.compile(subjectDNRegex, Pattern.CASE_INSENSITIVE);
try {
subjectDNPattern = compiler.compile(subjectDNRegex,
Perl5Compiler.READ_ONLY_MASK | Perl5Compiler.CASE_INSENSITIVE_MASK);
} catch (MalformedPatternException mpe) {
throw new IllegalArgumentException("Malformed regular expression: " + subjectDNRegex);
}
} }
public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException { public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
String subjectDN = clientCert.getSubjectDN().getName(); String subjectDN = clientCert.getSubjectDN().getName();
PatternMatcher matcher = new Perl5Matcher();
if (!matcher.contains(subjectDN, subjectDNPattern)) { Matcher matcher = subjectDNPattern.matcher(subjectDN);
if (!matcher.find()) {
throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching", throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}")); new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}"));
} }
MatchResult match = matcher.getMatch(); if (matcher.groupCount() != 1) {
if (match.groups() != 2) { // 2 = 1 + the entire match
throw new IllegalArgumentException("Regular expression must contain a single group "); throw new IllegalArgumentException("Regular expression must contain a single group ");
} }
String userName = match.group(1); String userName = matcher.group(1);
UserDetails user = this.userDetailsService.loadUserByUsername(userName); UserDetails user = this.userDetailsService.loadUserByUsername(userName);

20
core/src/test/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
View File

@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import java.util.Iterator; import java.util.Iterator;
import java.util.regex.PatternSyntaxException;
/** /**
@ -38,7 +39,6 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
public FilterInvocationDefinitionSourceEditorTests() { public FilterInvocationDefinitionSourceEditorTests() {
super();
} }
public FilterInvocationDefinitionSourceEditorTests(String arg0) { public FilterInvocationDefinitionSourceEditorTests(String arg0) {
@ -47,20 +47,11 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(FilterInvocationDefinitionSourceEditorTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() { public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor(); FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER"); editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
RegExpBasedFilterInvocationDefinitionMap map = (RegExpBasedFilterInvocationDefinitionMap) editor RegExpBasedFilterInvocationDefinitionMap map = (RegExpBasedFilterInvocationDefinitionMap) editor.getValue();
.getValue();
assertFalse(map.isConvertUrlToLowercaseBeforeComparison()); assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
} }
@ -137,14 +128,13 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
assertEquals(0, map.getMapSize()); assertEquals(0, map.getMapSize());
} }
public void testInvalidRegularExpressionsDetected() public void testInvalidRegularExpressionsDetected() throws Exception {
throws Exception {
FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor(); FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
try { try {
editor.setAsText("*=SOME_ROLE"); editor.setAsText("*=SOME_ROLE");
} catch (IllegalArgumentException expected) { fail("Expected PatternSyntaxException");
assertEquals("Malformed regular expression: *", expected.getMessage()); } catch (PatternSyntaxException expected) {
} }
} }

9
core/src/test/java/org/acegisecurity/intercept/web/RegExpBasedFilterDefinitionMapTests.java
View File

@ -36,7 +36,6 @@ public class RegExpBasedFilterDefinitionMapTests extends TestCase {
//~ Constructors =================================================================================================== //~ Constructors ===================================================================================================
public RegExpBasedFilterDefinitionMapTests() { public RegExpBasedFilterDefinitionMapTests() {
super();
} }
public RegExpBasedFilterDefinitionMapTests(String arg0) { public RegExpBasedFilterDefinitionMapTests(String arg0) {
@ -45,14 +44,6 @@ public class RegExpBasedFilterDefinitionMapTests extends TestCase {
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
public static void main(String[] args) {
junit.textui.TestRunner.run(RegExpBasedFilterDefinitionMapTests.class);
}
public final void setUp() throws Exception {
super.setUp();
}
public void testConvertUrlToLowercaseIsFalseByDefault() { public void testConvertUrlToLowercaseIsFalseByDefault() {
RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap(); RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
assertFalse(map.isConvertUrlToLowercaseBeforeComparison()); assertFalse(map.isConvertUrlToLowercaseBeforeComparison());