From: markt Date: Sun, 30 Dec 2007 21:59:31 +0000 (+0000) Subject: Implement a fix for bug 43840 along with a rudimentary test case. X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=e52f34fdc2a474808acebdf48b263c641514b657;p=tomcat7.0 Implement a fix for bug 43840 along with a rudimentary test case. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@607596 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/ha/session/SerializablePrincipal.java b/java/org/apache/catalina/ha/session/SerializablePrincipal.java index a2240f96d..20d597590 100644 --- a/java/org/apache/catalina/ha/session/SerializablePrincipal.java +++ b/java/org/apache/catalina/ha/session/SerializablePrincipal.java @@ -19,31 +19,37 @@ package org.apache.catalina.ha.session; +import java.io.ObjectInput; +import java.io.ObjectOutput; +import java.io.Serializable; + +import java.security.Principal; + import java.util.Arrays; import java.util.List; + import org.apache.catalina.Realm; +import org.apache.catalina.realm.GenericPrincipal; /** * Generic implementation of java.security.Principal that * is available for use by Realm implementations. - * The GenericPrincipal does NOT implement serializable and I didn't want to change that implementation - * hence I implemented this one instead. + * The GenericPrincipal does NOT implement serializable and I didn't want to + * change that implementation hence I implemented this one instead. * @author Filip Hanik * @version $Revision$ $Date$ */ -import org.apache.catalina.realm.GenericPrincipal; -import java.io.ObjectInput; -import java.io.ObjectOutput; public class SerializablePrincipal implements java.io.Serializable { // ----------------------------------------------------------- Constructors - public SerializablePrincipal() - { + public SerializablePrincipal() { super(); } + + /** * Construct a new Principal, associated with the specified Realm, for the * specified username and password. 
@@ -70,7 +76,24 @@ public class SerializablePrincipal implements java.io.Serializable { * @param roles List of roles (must be Strings) possessed by this user */ public SerializablePrincipal(Realm realm, String name, String password, - List roles) { + List roles) { + this(realm, name, password, roles, null); + } + + + /** + * Construct a new Principal, associated with the specified Realm, for the + * specified username and password, with the specified role names + * (as Strings). + * + * @param realm The Realm that owns this principal + * @param name The username of the user represented by this Principal + * @param password Credentials used to authenticate this user + * @param roles List of roles (must be Strings) possessed by this user + * @param userPrincipal The user principal to be exposed to applications + */ + public SerializablePrincipal(Realm realm, String name, String password, + List roles, Principal userPrincipal) { super(); this.realm = realm; @@ -78,10 +101,11 @@ public class SerializablePrincipal implements java.io.Serializable { this.password = password; if (roles != null) { this.roles = new String[roles.size()]; - this.roles = (String[]) roles.toArray(this.roles); + this.roles = roles.toArray(this.roles); if (this.roles.length > 0) Arrays.sort(this.roles); } + this.userPrincipal = userPrincipal; } @@ -136,6 +160,11 @@ public class SerializablePrincipal implements java.io.Serializable { } + /** + * The user principal, if present. + */ + protected Principal userPrincipal = null; + // --------------------------------------------------------- Public Methods 
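Review bot: The new `protected Principal userPrincipal = null;` field (third hunk here, assigned by `this.userPrincipal = userPrincipal;` in the hunk before it) is a non-transient field of type `java.security.Principal` inside a class declared `implements java.io.Serializable`. `Principal` does not extend `Serializable` and the new constructor stores whatever it is handed, so an instance holding a non-serializable user principal would fail with `NotSerializableException` if it were ever written by default Java serialization. Whether that path is used anywhere is not visible in this diff. If the static `writePrincipal`/`readPrincipal` pair is the only supported route, state that on the field, e.g. `/** The user principal, if present. May not be Serializable; persisted only through writePrincipal(). */`. Otherwise reject or drop non-serializable values where the constructor assigns the field.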
@@ -160,12 +189,15 @@ public class SerializablePrincipal implements java.io.Serializable { return new SerializablePrincipal(principal.getRealm(), principal.getName(), principal.getPassword(), - principal.getRoles()!=null?Arrays.asList(principal.getRoles()):null); + principal.getRoles()!=null?Arrays.asList(principal.getRoles()):null, + principal.getUserPrincipal()!=principal?principal.getUserPrincipal():null); } public GenericPrincipal getPrincipal( Realm realm ) { - return new GenericPrincipal(realm,name,password,getRoles()!=null?Arrays.asList(getRoles()):null); + return new GenericPrincipal(realm, name, password, + getRoles()!=null?Arrays.asList(getRoles()):null, + userPrincipal); } public static GenericPrincipal readPrincipal(ObjectInput in, Realm realm) throws java.io.IOException{ 
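Review bot: In createPrincipal the added argument `principal.getUserPrincipal()!=principal?principal.getUserPrincipal():null` depends on a reference comparison whose meaning is not explained in the hunk, and it calls the getter twice. The new test's `assertNotSame("Inner principal not present", gpNew, gpNew.getUserPrincipal())` suggests that GenericPrincipal returns itself when no separate user principal was supplied; if that is the contract, it should be written down here. Read the value once with `Principal up = principal.getUserPrincipal();`, pass `up != principal ? up : null`, and add a comment such as `// getUserPrincipal() yields the GenericPrincipal itself when none was set; never store that self-reference`. The enclosing method begins above the hunk.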
@@ -176,7 +208,18 @@ public class SerializablePrincipal implements java.io.Serializable { int size = in.readInt(); String[] roles = new String[size]; for ( int i=0; i roles = new ArrayList(); + roles.add("RoleA"); + roles.add("RoleB"); + TestPrincipal tpOriginal = new TestPrincipal("inner"); + GenericPrincipal gpOriginal = + new GenericPrincipal(null, "usr", "pwd", roles, tpOriginal); + + // Do the serialization + try { + FileOutputStream fos = new FileOutputStream(file); + ObjectOutputStream oos = new ObjectOutputStream(fos); + SerializablePrincipal.writePrincipal(gpOriginal, oos); + oos.close(); + fos.close(); + } catch (FileNotFoundException e) { + e.printStackTrace(); + fail("fnfe creating object output stream"); + } catch (IOException e) { + e.printStackTrace(); + fail("ioe serializing principal"); + } + + // De-serialize the Principal + GenericPrincipal gpNew = null; + try { + FileInputStream fis = new FileInputStream(file); + ObjectInputStream ois = new ObjectInputStream(fis); + gpNew = SerializablePrincipal.readPrincipal(ois, null); + } catch (FileNotFoundException e) { + e.printStackTrace(); + fail("fnfe reading object output stream"); + } catch (IOException e) { + e.printStackTrace(); + fail("ioe de-serializing principal"); + } + + // Now test how similar original and de-serialized versions are + assertEquals("User names different", gpOriginal.getName(), + gpNew.getName()); + assertEquals("Passwords different", gpOriginal.getPassword(), + gpNew.getPassword()); + assertEquals("Number of roles different", gpOriginal.getRoles().length, + gpNew.getRoles().length); + for (int i = 0; i < gpOriginal.getRoles().length; i++) { + assertEquals("Role name index " + i + "different", + gpOriginal.getRoles()[i], gpNew.getRoles()[i]); + } + // These are the key tests for bug 43840 + assertNotSame("Inner principal not present", gpNew, + gpNew.getUserPrincipal()); + assertEquals("Inner user names are different", tpOriginal.getName(), + gpNew.getUserPrincipal().getName()); 
+ } + +}
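Review bot: The de-serialization half of the new test never closes `ois` or `fis`, and the serialization half closes `oos` and `fos` only when no exception is thrown. A failing run therefore leaves open handles on a file that contains the serialized principal, including the password that the test asserts survives the round trip. Add `ois.close();` and `fis.close();` after the `readPrincipal` call, and move the close calls of both halves into `finally` blocks. The start of the test method and the creation of `file` are missing from this view, so whether the file is a temporary file that gets deleted afterwards cannot be confirmed from here.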