SEC-378: Use trim instead of replacement for space removal.

Ben Alex 2006-11-14 01:55:44 +00:00
parent ad6c501379
commit 5640eb0511
2 changed files with 4 additions and 4 deletions


@ -150,7 +150,7 @@ public class AuthorizeTag extends TagSupport {
// Remove the role's whitespace characters without depending on JDK 1.4+ // Remove the role's whitespace characters without depending on JDK 1.4+
// Includes space, tab, new line, carriage return and form feed. // Includes space, tab, new line, carriage return and form feed.
String role = StringUtils.replace(authority, " ", ""); String role = authority.trim(); // trim, don't use spaces, as per SEC-378
role = StringUtils.replace(role, "\t", ""); role = StringUtils.replace(role, "\t", "");
role = StringUtils.replace(role, "\r", ""); role = StringUtils.replace(role, "\r", "");
role = StringUtils.replace(role, "\n", ""); role = StringUtils.replace(role, "\n", "");
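Review bot: The two comment lines kept above the changed line are now misleading: they still say the role's space characters are removed, but `authority.trim()` only strips leading and trailing whitespace, so an embedded space (as in `ROLE SUPERVISOR`) is now part of the role name while embedded tabs, carriage returns and newlines are still deleted by the replace calls that follow. Suggest rewording them to `// Trim surrounding whitespace but keep embedded spaces as part of the role name (SEC-378); embedded tabs and line breaks are still removed`. Note also that `String.trim()` is not null-safe, whereas the replaced `StringUtils.replace` call tolerated a null input, so if `authority` can be null at this point a guard is needed before the call. The comment also mentions form feed, yet no `"\f"` replacement is visible in the hunk; if there is none, drop that word too. The method enclosing these lines starts and ends outside the hunk.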


@ -47,7 +47,7 @@ public class AuthorizeTagTests extends TestCase {
currentUser = new TestingAuthenticationToken("abc", "123", currentUser = new TestingAuthenticationToken("abc", "123",
new GrantedAuthority[] { new GrantedAuthority[] {
new GrantedAuthorityImpl("ROLE_SUPERVISOR"), new GrantedAuthorityImpl("ROLE_TELLER"), new GrantedAuthorityImpl("ROLE SUPERVISOR"), new GrantedAuthorityImpl("ROLE_TELLER"),
}); });
SecurityContextHolder.getContext().setAuthentication(currentUser); SecurityContextHolder.getContext().setAuthentication(currentUser);
@ -80,7 +80,7 @@ public class AuthorizeTagTests extends TestCase {
} }
public void testOutputsBodyWhenAllGranted() throws JspException { public void testOutputsBodyWhenAllGranted() throws JspException {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER"); authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER");
assertEquals("allows request - all required roles granted on principal", Tag.EVAL_BODY_INCLUDE, assertEquals("allows request - all required roles granted on principal", Tag.EVAL_BODY_INCLUDE,
authorizeTag.doStartTag()); authorizeTag.doStartTag());
} }
@ -107,7 +107,7 @@ public class AuthorizeTagTests extends TestCase {
public void testSkipsBodyWhenMissingAnAllGranted() public void testSkipsBodyWhenMissingAnAllGranted()
throws JspException { throws JspException {
authorizeTag.setIfAllGranted("ROLE_SUPERVISOR,ROLE_TELLER,ROLE_BANKER"); authorizeTag.setIfAllGranted("ROLE SUPERVISOR,ROLE_TELLER,ROLE_BANKER");
assertEquals("prevents request - missing ROLE_BANKER on principal", Tag.SKIP_BODY, authorizeTag.doStartTag()); assertEquals("prevents request - missing ROLE_BANKER on principal", Tag.SKIP_BODY, authorizeTag.doStartTag());
} }
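Review bot: The updated tests only exercise a role that carries an embedded space on both sides of the comparison, so nothing in this file checks the behavior the switch to trim is meant to preserve, namely that whitespace surrounding an entry in the attribute is still ignored. Consider adding a case such as `authorizeTag.setIfAllGranted(" ROLE SUPERVISOR , ROLE_TELLER");` that expects `Tag.EVAL_BODY_INCLUDE` (assuming the attribute is split on commas before each role is normalized), plus a negative case showing that `ROLE_SUPERVISOR` with an underscore no longer matches the granted `ROLE SUPERVISOR`. Because this normalization decides whether the tag body is rendered, a regression in it changes authorization outcomes, which is why it is worth pinning in a test rather than relying on the happy path alone.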