From 1e5d8c5403551a2ee43ce0f8ad843c067d1ce74d Mon Sep 17 00:00:00 2001 From: maxcooper Date: Sun, 30 Mar 2003 10:33:02 +0000 Subject: [PATCH] added fix for proper UTF matching --- .../org/securityfilter/filter/SecurityFilter.java | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/src/share/org/securityfilter/filter/SecurityFilter.java b/src/share/org/securityfilter/filter/SecurityFilter.java index 51f341f..3e1f665 100644 --- a/src/share/org/securityfilter/filter/SecurityFilter.java +++ b/src/share/org/securityfilter/filter/SecurityFilter.java @@ -1,7 +1,7 @@ /* - * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.16 2003/02/08 08:52:43 maxcooper Exp $ - * $Revision: 1.16 $ - * $Date: 2003/02/08 08:52:43 $ + * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.17 2003/03/30 10:33:02 maxcooper Exp $ + * $Revision: 1.17 $ + * $Date: 2003/03/30 10:33:02 $ * * ==================================================================== * The SecurityFilter Software License, Version 1.1 @@ -77,7 +77,7 @@ import java.util.*; * @author Max Cooper (max@maxcooper.com) * @author Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net) * @author Torgeir Veimo (torgeir@pobox.com) - * @version $Revision: 1.16 $ $Date: 2003/02/08 08:52:43 $ + * @version $Revision: 1.17 $ $Date: 2003/03/30 10:33:02 $ */ public class SecurityFilter implements Filter { public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL"; @@ -477,20 +477,18 @@ public class SecurityFilter implements Filter { /** * Return a URL that can be matched against security URL patterns.

* - * This is the part after the contextPath, with no query string.
+ * This is the part after the contextPath, with the pathInfo, but without the query string.
* http://server:8080/contextPath/someURL.jsp?param=value becomes /someURL.jsp * * @param request the request to construct a matchable URL for */ private String getMatchableURL(HttpServletRequest request) { - // extract the request URL portion that needs to be checked - String matchableURL = request.getRequestURI(); - // remove the contextPath - matchableURL = matchableURL.substring(request.getContextPath().length()); - // use PathInfo if this request didn't match a servlet name + // extract the servlet path portion that needs to be checked + String matchableURL = request.getServletPath(); + // add the pathInfo, as it needs to be part of the URL we check String pathInfo = request.getPathInfo(); - if ("/".equals(matchableURL) && pathInfo != null) { - matchableURL = pathInfo; + if (pathInfo != null) { + matchableURL = matchableURL + pathInfo; } return matchableURL; } -- 2.11.0