Tynamo

Handle no-context, no ending slash with the same wildcard rule

Details

  • Type: Improvement Improvement
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Not A Bug
  • Affects Version/s: security-0.4.4
  • Fix Version/s: security-0.4.5
  • Component/s: security
  • Labels:
    None
  • Number of attachments :
    0

Description

A path with no context and no ending slash is currently not handle by <path>/* rule, make it so.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Kalle Korhonen added a comment -

I implemented a following fix before noticing the ant pattern matcher handles the case already.

Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java
===================================================================
— src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2388)
+++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy)
@@ -89,6 +89,10 @@

SecurityFilterChain configureChain = null;
for (String path : chainMap.keySet()) {
+ // make sure paths /admin and /admin/ are handled by the same wildcard url
+ // intentionally don't consider questionmark character
+ if (!requestURI.endsWith("/") && path.endsWith("*")) requestURI += "/";
+
// If the path does match, then pass on to the subclass implementation for specific checks:
if (pathMatcher.matches(path, requestURI)) {
configureChain = chainMap.get(path);

Show
Kalle Korhonen added a comment - I implemented a following fix before noticing the ant pattern matcher handles the case already. Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java =================================================================== — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2388) +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy) @@ -89,6 +89,10 @@ SecurityFilterChain configureChain = null; for (String path : chainMap.keySet()) { + // make sure paths /admin and /admin/ are handled by the same wildcard url + // intentionally don't consider questionmark character + if (!requestURI.endsWith("/") && path.endsWith("*")) requestURI += "/"; + // If the path does match, then pass on to the subclass implementation for specific checks: if (pathMatcher.matches(path, requestURI)) { configureChain = chainMap.get(path);
Hide
Permalink
Kalle Korhonen added a comment -

Just implemented a test for it, the current codebase handles the case already

Show
Kalle Korhonen added a comment - Just implemented a test for it, the current codebase handles the case already

People

  • Assignee:
    Kalle Korhonen
    Reporter:
    Kalle Korhonen
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: