From 54face1235e0ebb474bf06cc8529024897cf3882 Mon Sep 17 00:00:00 2001
From: maxcooper
Date: Mon, 6 Jan 2003 01:14:23 +0000
Subject: [PATCH] now allows unrestricted access to login page and error page
---
 .../org/securityfilter/filter/SecurityFilter.java | 30 ++++++++++++++++------
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/src/share/org/securityfilter/filter/SecurityFilter.java b/src/share/org/securityfilter/filter/SecurityFilter.java
index a029ddc..cf5023c 100644
--- a/src/share/org/securityfilter/filter/SecurityFilter.java
+++ b/src/share/org/securityfilter/filter/SecurityFilter.java
@@ -1,7 +1,7 @@
 /*
- * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.12 2003/01/06 00:17:25 maxcooper Exp $
- * $Revision: 1.12 $
- * $Date: 2003/01/06 00:17:25 $
+ * $Header: /cvsroot/securityfilter/securityfilter/src/share/org/securityfilter/filter/SecurityFilter.java,v 1.13 2003/01/06 01:14:23 maxcooper Exp $
+ * $Revision: 1.13 $
+ * $Date: 2003/01/06 01:14:23 $
 *
 * ====================================================================
 * The SecurityFilter Software License, Version 1.1
@@ -75,7 +75,7 @@ import java.util.*;
 *
 * @author Max Cooper (max@maxcooper.com)
 * @author Torgeir Veimo (torgeir@pobox.com)
- * @version $Revision: 1.12 $ $Date: 2003/01/06 00:17:25 $
+ * @version $Revision: 1.13 $ $Date: 2003/01/06 01:14:23 $
 */
 public class SecurityFilter implements Filter {
 public static final String SAVED_REQUEST_URL = SecurityFilter.class.getName() + ".SAVED_REQUEST_URL";
@@ -90,7 +90,9 @@ public class SecurityFilter implements Filter {
 protected FilterConfig config;
 protected SecurityRealmInterface realm;
 protected String loginPage;
+ protected URLPattern loginPagePattern;
 protected String errorPage;
+ protected URLPattern errorPagePattern;
 protected String defaultPage;
 protected URLPatternFactory patternFactory;
 protected List patternList;
@@ -143,8 +145,16 @@ public class SecurityFilter implements Filter {
 return;
 }
- // check if request matches security constraint
- match = matchPattern(requestURL, wrappedRequest.getMethod(), patternMatcher);
+ // only check the request for a security constraint match if it doesn't
+ // match the login page or error page patterns -- this allows requests for the
+ // login page and error pages to be viewed even when their URLs would otherwise
+ // be subject to a security constraint
+ if (!patternMatcher.match(requestURL, loginPagePattern)
+ && !patternMatcher.match(requestURL, loginPagePattern)
+ ) {
+ // check if request matches security constraint
+ match = matchPattern(requestURL, wrappedRequest.getMethod(), patternMatcher);
+ }
 } catch (Exception e) {
 throw new ServletException("Error matching patterns", e);
 }
@@ -211,10 +221,14 @@ public class SecurityFilter implements Filter {
 // get config values
 realm = securityConfig.getRealm();
- errorPage = securityConfig.getErrorPage();
- loginPage = securityConfig.getLoginPage();
 defaultPage = securityConfig.getDefaultPage();
+ // get login and error page patterns
+ loginPage = securityConfig.getLoginPage();
+ loginPagePattern = patternFactory.createURLPattern(loginPage, null, null, 0);
+ errorPage = securityConfig.getErrorPage();
+ errorPagePattern = patternFactory.createURLPattern(errorPage, null, null, 0);
+ // create pattern list
 patternList = new ArrayList();
 int order = 1;
-- 
2.11.0
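Review bot: The second operand of the new `if` repeats `loginPagePattern`, so the error page is never exempted and `errorPagePattern` is not used anywhere in this hunk; the line should read `&& !patternMatcher.match(requestURL, errorPagePattern)`. Because a match here skips `matchPattern` entirely, the exemption is fail-open for every URL these two patterns accept, so the comment above the `if` should also state that the patterns are expected to match only the exact configured page paths. The surrounding `try` and the method it belongs to start outside the hunk, so what `match` holds when the check is skipped cannot be confirmed from here.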
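Review bot: `loginPage` and `errorPage` go straight into `createURLPattern` with no check, and the resulting patterns now decide which requests bypass the security-constraint lookup in the filter method. If either value can be missing from the configuration, or can contain pattern wildcards, the exemption either fails during initialisation or covers more URLs than the single intended page; neither case is visible in this hunk, so it should be confirmed against `URLPatternFactory` and the config parser. I would add a guard such as `if (loginPage == null || errorPage == null) throw new ServletException("login and error pages must be configured");` before the two calls, plus a short comment explaining the `null, null, 0` arguments. The enclosing method starts and ends outside the hunk.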