Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-14 08:02:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-219: Support complex tokenization scenarios.

Browse Source
This commit is contained in:
Ben Alex 2006-04-26 02:23:19 +00:00
parent 14683dcbc7
commit 948f79e2e2
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditor.java
View File

@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,11 +18,10 @@ package org.acegisecurity.intercept.web;
import org.acegisecurity.ConfigAttributeDefinition; import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.ConfigAttributeEditor; import org.acegisecurity.ConfigAttributeEditor;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.util.StringUtils;
import java.beans.PropertyEditorSupport; import java.beans.PropertyEditorSupport;
import java.io.BufferedReader; import java.io.BufferedReader;
@ -116,15 +115,21 @@ public class FilterInvocationDefinitionSourceEditor
continue; continue;
} }
// Tokenize the line into its name/value tokens if (line.lastIndexOf("==") != -1) {
String[] nameValue = StringUtils.delimitedListToStringArray(line, "="); throw new IllegalArgumentException(
String name = nameValue[0]; "Only single equals should be used in line " + line);
String value = nameValue[1];
if(!StringUtils.hasLength(name) || !StringUtils.hasLength(value)) {
throw new IllegalArgumentException("Failed to parse a valid name/value pair from " + line);
} }
// Tokenize the line into its name/value tokens
// As per SEC-219, use the LAST equals as the delimiter between LHS and RHS
String name = StringUtils.substringBeforeLast(line, "=");
String value = StringUtils.substringAfterLast(line, "=");
if (StringUtils.isBlank(name) || StringUtils.isBlank(value)) {
throw new IllegalArgumentException(
"Failed to parse a valid name/value pair from " + line);
}
// Convert value to series of security configuration attributes // Convert value to series of security configuration attributes
ConfigAttributeEditor configAttribEd = new ConfigAttributeEditor(); ConfigAttributeEditor configAttribEd = new ConfigAttributeEditor();
configAttribEd.setAsText(value); configAttribEd.setAsText(value);