ホーム エクスプローラ ヘルプ
登録 サインイン
github
/
spring-security
同期ミラー https://github.com/spring-projects/spring-security
2
0
フォーク 0
ファイル 課題 0 Wiki
ソースを参照

SEC-551: Convert RegExpBasedFilterInvocationDefinitionMap and DaoX509AuthoritiesPopulator to use JDK regexps. Removed ORO dependency from the project.

Luke Taylor 18 年 前
6eb17c8546
コミット
448e8cfb42
5 ファイル変更25 行追加73 行削除
一括表示 差分情報を表示
  1. 0 5
      core/pom.xml
  2. 10 22
      core/src/main/java/org/acegisecurity/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
  3. 9 21
      core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
  4. 6 16
      core/src/test/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
  5. 0 9
      core/src/test/java/org/acegisecurity/intercept/web/RegExpBasedFilterDefinitionMapTests.java

+ 0 - 5
core/pom.xml
ファイルの表示 

@@ -77,11 +77,6 @@
 
 			<artifactId>commons-codec</artifactId>
 
 			<artifactId>commons-codec</artifactId>
 
 			<version>1.3</version>
 
 			<version>1.3</version>
 
 		</dependency>
 
 		</dependency>
 
-		<dependency>
 
-			<groupId>oro</groupId>
 
-			<artifactId>oro</artifactId>
 
-			<version>2.0.8</version>
 
-		</dependency>
 
 		<dependency>
 
 		<dependency>
 
 			<groupId>commons-collections</groupId>
 
 			<groupId>commons-collections</groupId>
 
 			<artifactId>commons-collections</artifactId>
 
 			<artifactId>commons-collections</artifactId>

+ 10 - 22
core/src/main/java/org/acegisecurity/intercept/web/RegExpBasedFilterInvocationDefinitionMap.java
ファイルの表示 

@@ -20,17 +20,13 @@ import org.acegisecurity.ConfigAttributeDefinition;
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.commons.logging.LogFactory;
 
 
 
-import org.apache.oro.text.regex.MalformedPatternException;
 
-import org.apache.oro.text.regex.Pattern;
 
-import org.apache.oro.text.regex.PatternMatcher;
 
-import org.apache.oro.text.regex.Perl5Compiler;
 
-import org.apache.oro.text.regex.Perl5Matcher;
 
-
 
 import java.util.HashSet;
 
 import java.util.HashSet;
 
 import java.util.Iterator;
 
 import java.util.Iterator;
 
 import java.util.List;
 
 import java.util.List;
 
 import java.util.Set;
 
 import java.util.Set;
 
 import java.util.Vector;
 
 import java.util.Vector;
 
+import java.util.regex.Pattern;
 
+import java.util.regex.Matcher;
 
 
 
 
 
 /**
 
 /**
 
@@ -57,21 +53,13 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
 
 
 
     //~ Methods ========================================================================================================
 
     //~ Methods ========================================================================================================
 
 
 
-    public void addSecureUrl(String perl5RegExp, ConfigAttributeDefinition attr) {
 
-        Pattern compiledPattern;
 
-        Perl5Compiler compiler = new Perl5Compiler();
 
-
 
-        try {
 
-            compiledPattern = compiler.compile(perl5RegExp, Perl5Compiler.READ_ONLY_MASK);
 
-        } catch (MalformedPatternException mpe) {
 
-            throw new IllegalArgumentException("Malformed regular expression: " + perl5RegExp);
 
-        }
 
+    public void addSecureUrl(String regExp, ConfigAttributeDefinition attr) {
 
+        Pattern pattern = Pattern.compile(regExp);
 
 
 
-        requestMap.add(new EntryHolder(compiledPattern, attr));
 
+        requestMap.add(new EntryHolder(pattern, attr));
 
 
 
         if (logger.isDebugEnabled()) {
 
         if (logger.isDebugEnabled()) {
 
-            logger.debug("Added regular expression: " + compiledPattern.getPattern().toString() + "; attributes: "
 
-                + attr);
 
+            logger.debug("Added regular expression: " + regExp + "; attributes: " + attr);
 
         }
 
         }
 
     }
 
     }
 
 
 
@@ -96,8 +84,6 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
 
     }
 
     }
 
 
 
     public ConfigAttributeDefinition lookupAttributes(String url) {
 
     public ConfigAttributeDefinition lookupAttributes(String url) {
 
-        PatternMatcher matcher = new Perl5Matcher();
 
-
 
         Iterator iter = requestMap.iterator();
 
         Iterator iter = requestMap.iterator();
 
 
 
         if (isConvertUrlToLowercaseBeforeComparison()) {
 
         if (isConvertUrlToLowercaseBeforeComparison()) {
 
@@ -111,10 +97,12 @@ public class RegExpBasedFilterInvocationDefinitionMap extends AbstractFilterInvo
 
         while (iter.hasNext()) {
 
         while (iter.hasNext()) {
 
             EntryHolder entryHolder = (EntryHolder) iter.next();
 
             EntryHolder entryHolder = (EntryHolder) iter.next();
 
 
 
-            boolean matched = matcher.matches(url, entryHolder.getCompiledPattern());
 
+            Matcher matcher = entryHolder.getCompiledPattern().matcher(url);
 
+
 
+            boolean matched = matcher.matches();
 
 
 
             if (logger.isDebugEnabled()) {
 
             if (logger.isDebugEnabled()) {
 
-                logger.debug("Candidate is: '" + url + "'; pattern is " + entryHolder.getCompiledPattern().getPattern()
 
+                logger.debug("Candidate is: '" + url + "'; pattern is " + entryHolder.getCompiledPattern()
 
                     + "; matched=" + matched);
 
                     + "; matched=" + matched);
 
             }
 
             }

+ 9 - 21
core/src/main/java/org/acegisecurity/providers/x509/populator/DaoX509AuthoritiesPopulator.java
ファイルの表示 

@@ -28,13 +28,6 @@ import org.acegisecurity.userdetails.UserDetailsService;
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.commons.logging.LogFactory;
 
 
 
-import org.apache.oro.text.regex.MalformedPatternException;
 
-import org.apache.oro.text.regex.MatchResult;
 
-import org.apache.oro.text.regex.Pattern;
 
-import org.apache.oro.text.regex.PatternMatcher;
 
-import org.apache.oro.text.regex.Perl5Compiler;
 
-import org.apache.oro.text.regex.Perl5Matcher;
 
-
 
 import org.springframework.beans.factory.InitializingBean;
 
 import org.springframework.beans.factory.InitializingBean;
 
 
 
 import org.springframework.context.MessageSource;
 
 import org.springframework.context.MessageSource;
 
@@ -44,6 +37,9 @@ import org.springframework.context.support.MessageSourceAccessor;
 
 import org.springframework.util.Assert;
 
 import org.springframework.util.Assert;
 
 
 
 import java.security.cert.X509Certificate;
 
 import java.security.cert.X509Certificate;
 
+import java.util.regex.Pattern;
 
+import java.util.regex.Matcher;
 
+import java.util.regex.MatchResult;
 
 
 
 
 
 /**
 
 /**
 
@@ -70,32 +66,24 @@ public class DaoX509AuthoritiesPopulator implements X509AuthoritiesPopulator, In
 
         Assert.notNull(userDetailsService, "An authenticationDao must be set");
 
         Assert.notNull(userDetailsService, "An authenticationDao must be set");
 
         Assert.notNull(this.messages, "A message source must be set");
 
         Assert.notNull(this.messages, "A message source must be set");
 
 
 
-        Perl5Compiler compiler = new Perl5Compiler();
 
-
 
-        try {
 
-            subjectDNPattern = compiler.compile(subjectDNRegex,
 
-                    Perl5Compiler.READ_ONLY_MASK | Perl5Compiler.CASE_INSENSITIVE_MASK);
 
-        } catch (MalformedPatternException mpe) {
 
-            throw new IllegalArgumentException("Malformed regular expression: " + subjectDNRegex);
 
-        }
 
+        subjectDNPattern = Pattern.compile(subjectDNRegex, Pattern.CASE_INSENSITIVE);
 
     }
 
     }
 
 
 
     public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
 
     public UserDetails getUserDetails(X509Certificate clientCert) throws AuthenticationException {
 
         String subjectDN = clientCert.getSubjectDN().getName();
 
         String subjectDN = clientCert.getSubjectDN().getName();
 
-        PatternMatcher matcher = new Perl5Matcher();
 
 
 
-        if (!matcher.contains(subjectDN, subjectDNPattern)) {
 
+        Matcher matcher = subjectDNPattern.matcher(subjectDN);
 
+
 
+        if (!matcher.find()) {
 
             throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
 
             throw new BadCredentialsException(messages.getMessage("DaoX509AuthoritiesPopulator.noMatching",
 
                     new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}"));
 
                     new Object[] {subjectDN}, "No matching pattern was found in subjectDN: {0}"));
 
         }
 
         }
 
 
 
-        MatchResult match = matcher.getMatch();
 
-
 
-        if (match.groups() != 2) { // 2 = 1 + the entire match
 
+        if (matcher.groupCount() != 1) {
 
             throw new IllegalArgumentException("Regular expression must contain a single group ");
 
             throw new IllegalArgumentException("Regular expression must contain a single group ");
 
         }
 
         }
 
 
 
-        String userName = match.group(1);
 
+        String userName = matcher.group(1);
 
 
 
         UserDetails user = this.userDetailsService.loadUserByUsername(userName);
 
         UserDetails user = this.userDetailsService.loadUserByUsername(userName);

+ 6 - 16
core/src/test/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditorTests.java
ファイルの表示 

@@ -25,6 +25,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import org.springframework.mock.web.MockHttpServletResponse;
 
 
 
 import java.util.Iterator;
 
 import java.util.Iterator;
 
+import java.util.regex.PatternSyntaxException;
 
 
 
 
 
 /**
 
 /**
 
@@ -38,7 +39,6 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
     //~ Constructors ===================================================================================================
 
     //~ Constructors ===================================================================================================
 
 
 
     public FilterInvocationDefinitionSourceEditorTests() {
 
     public FilterInvocationDefinitionSourceEditorTests() {
 
-        super();
 
     }
 
     }
 
 
 
     public FilterInvocationDefinitionSourceEditorTests(String arg0) {
 
     public FilterInvocationDefinitionSourceEditorTests(String arg0) {
 
@@ -47,20 +47,11 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
 
 
     //~ Methods ========================================================================================================
 
     //~ Methods ========================================================================================================
 
 
 
-    public static void main(String[] args) {
 
-        junit.textui.TestRunner.run(FilterInvocationDefinitionSourceEditorTests.class);
 
-    }
 
-
 
-    public final void setUp() throws Exception {
 
-        super.setUp();
 
-    }
 
-
 
     public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() {
 
     public void testConvertUrlToLowercaseDefaultSettingUnchangedByEditor() {
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
         editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
 
         editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE\r\n\\A/secure/.*\\Z=ROLE_SUPERVISOR,ROLE_TELLER");
 
 
 
-        RegExpBasedFilterInvocationDefinitionMap map = (RegExpBasedFilterInvocationDefinitionMap) editor
 
-            .getValue();
 
+        RegExpBasedFilterInvocationDefinitionMap map = (RegExpBasedFilterInvocationDefinitionMap) editor.getValue();
 
         assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
 
         assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
 
     }
 
     }
 
 
 
@@ -137,14 +128,13 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
         assertEquals(0, map.getMapSize());
 
         assertEquals(0, map.getMapSize());
 
     }
 
     }
 
 
 
-    public void testInvalidRegularExpressionsDetected()
 
-        throws Exception {
 
+    public void testInvalidRegularExpressionsDetected() throws Exception {
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
 
 
         try {
 
         try {
 
             editor.setAsText("*=SOME_ROLE");
 
             editor.setAsText("*=SOME_ROLE");
 
-        } catch (IllegalArgumentException expected) {
 
-            assertEquals("Malformed regular expression: *", expected.getMessage());
 
+            fail("Expected PatternSyntaxException");
 
+        } catch (PatternSyntaxException expected) {
 
         }
 
         }
 
     }
 
     }
 
 
 
@@ -284,7 +274,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
 
 
         assertEquals(expected, returned);
 
         assertEquals(expected, returned);
 
     }
 
     }
 
-    
+
 
     public void testWhitespaceAndCommentsAndLinesWithoutEqualsSignsAreIgnored() {
 
     public void testWhitespaceAndCommentsAndLinesWithoutEqualsSignsAreIgnored() {
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
 
         editor.setAsText(
 
         editor.setAsText(

+ 0 - 9
core/src/test/java/org/acegisecurity/intercept/web/RegExpBasedFilterDefinitionMapTests.java
ファイルの表示 

@@ -36,7 +36,6 @@ public class RegExpBasedFilterDefinitionMapTests extends TestCase {
 
     //~ Constructors ===================================================================================================
 
     //~ Constructors ===================================================================================================
 
 
 
     public RegExpBasedFilterDefinitionMapTests() {
 
     public RegExpBasedFilterDefinitionMapTests() {
 
-        super();
 
     }
 
     }
 
 
 
     public RegExpBasedFilterDefinitionMapTests(String arg0) {
 
     public RegExpBasedFilterDefinitionMapTests(String arg0) {
 
@@ -45,14 +44,6 @@ public class RegExpBasedFilterDefinitionMapTests extends TestCase {
 
 
 
     //~ Methods ========================================================================================================
 
     //~ Methods ========================================================================================================
 
 
 
-    public static void main(String[] args) {
 
-        junit.textui.TestRunner.run(RegExpBasedFilterDefinitionMapTests.class);
 
-    }
 
-
 
-    public final void setUp() throws Exception {
 
-        super.setUp();
 
-    }
 
-
 
     public void testConvertUrlToLowercaseIsFalseByDefault() {
 
     public void testConvertUrlToLowercaseIsFalseByDefault() {
 
         RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
 
         RegExpBasedFilterInvocationDefinitionMap map = new RegExpBasedFilterInvocationDefinitionMap();
 
         assertFalse(map.isConvertUrlToLowercaseBeforeComparison());
 
         assertFalse(map.isConvertUrlToLowercaseBeforeComparison());