Tynamo
  1. Tynamo
  2. TYNAMO-160

Handle no-context, no ending slash with the same wildcard rule

    Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Not A Bug
    • Affects Version/s: security-0.4.4
    • Fix Version/s: security-0.4.5
    • Component/s: security
    • Labels:
      None
    • Number of attachments :
      0

      Description

      A path with no context and no ending slash is currently not handle by <path>/* rule, make it so.

        Activity

        Hide
        Kalle Korhonen added a comment -

        I implemented a following fix before noticing the ant pattern matcher handles the case already.

        Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java
        ===================================================================
        — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2388)
        +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy)
        @@ -89,6 +89,10 @@

        SecurityFilterChain configureChain = null;
        for (String path : chainMap.keySet()) {
        + // make sure paths /admin and /admin/ are handled by the same wildcard url
        + // intentionally don't consider questionmark character
        + if (!requestURI.endsWith("/") && path.endsWith("*")) requestURI += "/";
        +
        // If the path does match, then pass on to the subclass implementation for specific checks:
        if (pathMatcher.matches(path, requestURI)) {
        configureChain = chainMap.get(path);

        Show
        Kalle Korhonen added a comment - I implemented a following fix before noticing the ant pattern matcher handles the case already. Index: src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java =================================================================== — src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (revision 2388) +++ src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java (working copy) @@ -89,6 +89,10 @@ SecurityFilterChain configureChain = null; for (String path : chainMap.keySet()) { + // make sure paths /admin and /admin/ are handled by the same wildcard url + // intentionally don't consider questionmark character + if (!requestURI.endsWith("/") && path.endsWith("*")) requestURI += "/"; + // If the path does match, then pass on to the subclass implementation for specific checks: if (pathMatcher.matches(path, requestURI)) { configureChain = chainMap.get(path);
        Hide
        Kalle Korhonen added a comment -

        Just implemented a test for it, the current codebase handles the case already

        Show
        Kalle Korhonen added a comment - Just implemented a test for it, the current codebase handles the case already
        Hide
        Alejandro Scandroli added a comment -

        bulk closing issues that have been resolved for more than a year.

        Show
        Alejandro Scandroli added a comment - bulk closing issues that have been resolved for more than a year.

          People

          • Assignee:
            Kalle Korhonen
            Reporter:
            Kalle Korhonen
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: