Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes 338068 (Leaking ConstraintMappings on redeploy). 

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2829 7e9141cc-0065-0410-87d8-b60c137991c4
This commit is contained in:
Simone Bordet 2011-02-24 11:21:33 +00:00
parent 42d8d84239
commit f5cb64ff54
2 changed files with 43 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
VERSION.txt
View File

@ -22,6 +22,7 @@ jetty-7.3.1-SNAPSHOT
+ JETTY-1331 Allow alternate XML configuration processors (eg spring) + JETTY-1331 Allow alternate XML configuration processors (eg spring)
+ JETTY-1335 HttpClient's SelectConnector clean-up + JETTY-1335 HttpClient's SelectConnector clean-up
+ JETTY-1333 HttpClient _timeout and _soTimeout is messed up + JETTY-1333 HttpClient _timeout and _soTimeout is messed up
+ 338068 Leaking ConstraintMappings on redeploy
jetty-7.3.0.v20110203 3 February 2011 jetty-7.3.0.v20110203 3 February 2011
+ JETTY-1259 NullPointerException in JDBCSessionIdManager when invalidating session (further update) + JETTY-1259 NullPointerException in JDBCSessionIdManager when invalidating session (further update)

85
jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
View File

@ -4,17 +4,16 @@
// All rights reserved. This program and the accompanying materials // All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0 // are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution. // and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at // The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html // http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at // The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php // http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses. // You may elect to redistribute this code under either of these licenses.
// ======================================================================== // ========================================================================
package org.eclipse.jetty.security; package org.eclipse.jetty.security;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
@ -31,10 +30,7 @@ import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConnection; import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response; import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.SessionManager;
import org.eclipse.jetty.server.UserIdentity; import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.util.StringMap; import org.eclipse.jetty.util.StringMap;
import org.eclipse.jetty.util.TypeUtil; import org.eclipse.jetty.util.TypeUtil;
@ -43,7 +39,7 @@ import org.eclipse.jetty.util.TypeUtil;
* Handler to enforce SecurityConstraints. This implementation is servlet spec * Handler to enforce SecurityConstraints. This implementation is servlet spec
* 2.4 compliant and precomputes the constraint combinations for runtime * 2.4 compliant and precomputes the constraint combinations for runtime
* efficiency. * efficiency.
* *
*/ */
public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
{ {
@ -51,9 +47,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
private final Set<String> _roles = new CopyOnWriteArraySet<String>(); private final Set<String> _roles = new CopyOnWriteArraySet<String>();
private final PathMap _constraintMap = new PathMap(); private final PathMap _constraintMap = new PathMap();
private boolean _strict = true; private boolean _strict = true;
private SessionHandler _sessionHandler;
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** Get the strict mode. /** Get the strict mode.
* @return true if the security handler is running in strict mode. * @return true if the security handler is running in strict mode.
@ -74,7 +68,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
* <li>The * role in a constraint applies to ANY role rather than all roles defined in * <li>The * role in a constraint applies to ANY role rather than all roles defined in
* the deployment descriptor. * the deployment descriptor.
* </ul> * </ul>
* *
* @param strict the strict to set * @param strict the strict to set
* @see #setRoles(Set) * @see #setRoles(Set)
* @see #setConstraintMappings(List, Set) * @see #setConstraintMappings(List, Set)
@ -86,7 +80,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* @return Returns the contraintMappings. * @return Returns the constraintMappings.
*/ */
public List<ConstraintMapping> getConstraintMappings() public List<ConstraintMapping> getConstraintMappings()
{ {
@ -98,41 +92,41 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
return _roles; return _roles;
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Process the constraints following the combining rules in Servlet 3.0 EA * Process the constraints following the combining rules in Servlet 3.0 EA
* spec section 13.7.1 Note that much of the logic is in the RoleInfo class. * spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
* *
* @param constraintMappings * @param constraintMappings
* The contraintMappings to set, from which the set of known roles * The constraintMappings to set, from which the set of known roles
* is determined. * is determined.
*/ */
public void setConstraintMappings(List<ConstraintMapping> constraintMappings) public void setConstraintMappings(List<ConstraintMapping> constraintMappings)
{ {
setConstraintMappings(constraintMappings,null); setConstraintMappings(constraintMappings,null);
} }
/** /**
* Process the constraints following the combining rules in Servlet 3.0 EA * Process the constraints following the combining rules in Servlet 3.0 EA
* spec section 13.7.1 Note that much of the logic is in the RoleInfo class. * spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
* *
* @param constraintMappings * @param constraintMappings
* The contraintMappings to set as array, from which the set of known roles * The constraintMappings to set as array, from which the set of known roles
* is determined. Needed to retain API compatibility for 7.x * is determined. Needed to retain API compatibility for 7.x
*/ */
public void setConstraintMappings( ConstraintMapping[] constraintMappings ) public void setConstraintMappings( ConstraintMapping[] constraintMappings )
{ {
setConstraintMappings( Arrays.asList(constraintMappings), null); setConstraintMappings( Arrays.asList(constraintMappings), null);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Process the constraints following the combining rules in Servlet 3.0 EA * Process the constraints following the combining rules in Servlet 3.0 EA
* spec section 13.7.1 Note that much of the logic is in the RoleInfo class. * spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
* *
* @param constraintMappings * @param constraintMappings
* The contraintMappings to set. * The constraintMappings to set.
* @param roles The known roles (or null to determine them from the mappings) * @param roles The known roles (or null to determine them from the mappings)
*/ */
public void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles) public void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles)
@ -141,7 +135,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
throw new IllegalStateException("Started"); throw new IllegalStateException("Started");
_constraintMappings.clear(); _constraintMappings.clear();
_constraintMappings.addAll(constraintMappings); _constraintMappings.addAll(constraintMappings);
if (roles==null) if (roles==null)
{ {
roles = new HashSet<String>(); roles = new HashSet<String>();
@ -158,7 +152,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
} }
setRoles(roles); setRoles(roles);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
* Set the known roles. * Set the known roles.
@ -171,12 +165,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
if (isStarted()) if (isStarted())
throw new IllegalStateException("Started"); throw new IllegalStateException("Started");
_roles.clear(); _roles.clear();
_roles.addAll(roles); _roles.addAll(roles);
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
/** /**
@ -188,10 +182,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
if (mapping.getConstraint()!=null && mapping.getConstraint().getRoles()!=null) if (mapping.getConstraint()!=null && mapping.getConstraint().getRoles()!=null)
for (String role : mapping.getConstraint().getRoles()) for (String role : mapping.getConstraint().getRoles())
addRole(role); addRole(role);
if (isStarted()) if (isStarted())
{ {
processContraintMapping(mapping); processConstraintMapping(mapping);
} }
} }
@ -228,17 +222,22 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
for (ConstraintMapping mapping : _constraintMappings) for (ConstraintMapping mapping : _constraintMappings)
{ {
processContraintMapping(mapping); processConstraintMapping(mapping);
} }
} }
if (ContextHandler.getCurrentContext()!=null)
_sessionHandler = ContextHandler.getCurrentContext().getContextHandler().getNestedHandlerByClass(SessionHandler.class);
super.doStart(); super.doStart();
} }
protected void processContraintMapping(ConstraintMapping mapping) @Override
protected void doStop() throws Exception
{
_constraintMap.clear();
_constraintMappings.clear();
_roles.clear();
super.doStop();
}
protected void processConstraintMapping(ConstraintMapping mapping)
{ {
Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec()); Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec());
if (mappings == null) if (mappings == null)
@ -249,7 +248,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
RoleInfo allMethodsRoleInfo = mappings.get(null); RoleInfo allMethodsRoleInfo = mappings.get(null);
if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden()) if (allMethodsRoleInfo != null && allMethodsRoleInfo.isForbidden())
return; return;
String httpMethod = mapping.getMethod(); String httpMethod = mapping.getMethod();
RoleInfo roleInfo = mappings.get(httpMethod); RoleInfo roleInfo = mappings.get(httpMethod);
if (roleInfo == null) if (roleInfo == null)
@ -263,7 +262,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
} }
if (roleInfo.isForbidden()) if (roleInfo.isForbidden())
return; return;
Constraint constraint = mapping.getConstraint(); Constraint constraint = mapping.getConstraint();
boolean forbidden = constraint.isForbidden(); boolean forbidden = constraint.isForbidden();
roleInfo.setForbidden(forbidden); roleInfo.setForbidden(forbidden);
@ -320,7 +319,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
} }
} }
} }
protected Object prepareConstraintInfo(String pathInContext, Request request) protected Object prepareConstraintInfo(String pathInContext, Request request)
{ {
Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext); Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext);
@ -333,7 +332,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
roleInfo = mappings.get(null); roleInfo = mappings.get(null);
return roleInfo; return roleInfo;
} }
return null; return null;
} }
@ -341,12 +340,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
if (constraintInfo == null) if (constraintInfo == null)
return true; return true;
RoleInfo roleInfo = (RoleInfo)constraintInfo; RoleInfo roleInfo = (RoleInfo)constraintInfo;
if (roleInfo.isForbidden()) if (roleInfo.isForbidden())
return false; return false;
UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint(); UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint();
if (dataConstraint == null || dataConstraint == UserDataConstraint.None) if (dataConstraint == null || dataConstraint == UserDataConstraint.None)
{ {
@ -390,7 +389,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
} }
else else
response.sendError(Response.SC_FORBIDDEN,"!Confidential"); response.sendError(Response.SC_FORBIDDEN,"!Confidential");
request.setHandled(true); request.setHandled(true);
return false; return false;
} }
@ -424,10 +423,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
{ {
return true; return true;
} }
if (roleInfo.isAnyRole() && request.getAuthType()!=null) if (roleInfo.isAnyRole() && request.getAuthType()!=null)
return true; return true;
for (String role : roleInfo.getRoles()) for (String role : roleInfo.getRoles())
{ {
if (userIdentity.isUserInRole(role, null)) if (userIdentity.isUserInRole(role, null))