geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

The CasaIdentityToken class has been updated to escape strings stored in

Browse Source 
CasaIdentityTokens which may contain XML reserved characters.
This commit is contained in:
Juan Carlos Luciani 2007-06-06 21:12:00 +00:00
parent cb1de1c2cc
commit f41b81a004
3 changed files with 46 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
View File

@ -46,6 +46,7 @@ import org.xml.sax.helpers.XMLReaderFactory;
import org.bandit.util.config.Realm;
import org.apache.log4j.Logger;
import org.apache.commons.lang.StringEscapeUtils;
/**
* CasaIdentityToken Class.
@ -335,6 +336,9 @@ public final class CasaIdentityToken implements IdentityToken
// Verify that we are processing the expected tag
if (idElementName.equalsIgnoreCase(qName))
{
// Un-escape the identity id
m_casaIdentToken.m_identityId = StringEscapeUtils.unescapeXml(m_casaIdentToken.m_identityId);
// Advance to the next state
m_state = AWAITING_SOURCE_NAME_ELEMENT_START;
}
@ -402,6 +406,40 @@ public final class CasaIdentityToken implements IdentityToken
break;
case AWAITING_ATTRIBUTE_END:
// If necessary, un-escape the attribute data.
if (!m_encryptedAttrs)
{
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
if (attrib != null)
{
try
{
String attribData = (String) attrib.get();
if (attribData != null)
{
m_casaIdentToken.m_attributes.put(m_currAttribute,
StringEscapeUtils.unescapeXml(attribData));
}
else
{
m_log.error("SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
catch (NamingException e)
{
m_log.error("SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found", e);
}
}
else
{
m_log.error("SAXHandler.endElement()- Attribute not found");
throw new SAXException("Attribute not found");
}
}
// Advance to the next state
m_state = AWAITING_ATTRIBUTE_START;
break;
@ -746,7 +784,7 @@ public final class CasaIdentityToken implements IdentityToken
StringBuffer sb = new StringBuffer();
sb.append(ProtoDefs.xmlDeclaration); sb.append("\r\n");
sb.append("<"); sb.append(casaIdentTokElementName); sb.append(">"); sb.append("\r\n");
sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(identityId); sb.append("</"); sb.append(idElementName); sb.append(">\r\n");
sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(StringEscapeUtils.escapeXml(identityId)); sb.append("</"); sb.append(idElementName); sb.append(">\r\n");
sb.append("<"); sb.append(sourceNameElementName); sb.append(">"); sb.append(sourceName); sb.append("</"); sb.append(sourceNameElementName); sb.append(">\r\n");
sb.append("<"); sb.append(sourceUrlElementName); sb.append(">"); sb.append(m_sourceUrl); sb.append("</"); sb.append(sourceUrlElementName); sb.append(">\r\n");
sb.append("<"); sb.append(targetServiceElementName); sb.append(">"); sb.append(m_service); sb.append("</"); sb.append(targetServiceElementName); sb.append(">\r\n");
@ -793,7 +831,7 @@ public final class CasaIdentityToken implements IdentityToken
else
{
// Assume the attribute value is of type String
sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(attrValue); sb.append("</"); sb.append(attr.getID()); sb.append(">\r\n");
sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(StringEscapeUtils.escapeXml((String) attrValue)); sb.append("</"); sb.append(attr.getID()); sb.append(">\r\n");
}
}
}

6
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
View File

@ -18,7 +18,7 @@
Name: @PACKAGE@
URL: http://www.novell.com/products
BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 xml-commons-apis
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl jakarta-commons-lang
%define prefix /usr
License: LGPL
Group: Applications/System
@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service
Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: jre >= 1.5.0
Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl
Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl jakarta-commons-lang
PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@ -56,7 +56,7 @@ services that are CASA authentication enabled.
Summary: Novell CASA Authentication Token JAAS Support Components
Group: Applications/System
Requires: jre >= 1.5.0
Requires: log4j jakarta-commons-logging xerces-j2
Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang
%description -n CASA_auth_token_jaas_support
CASA_auth_token is an authentication token infrastructure with support for

6
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
View File

@ -18,7 +18,7 @@
Name: @PACKAGE@
URL: http://www.novell.com/products
BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 jdk novell-zenworks-java-links xml-commons-apis
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel jakarta-commons-lang
%define prefix /usr
License: LGPL
Group: Applications/System
@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service
Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: jre >= 1.5.0
Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA
Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA jakarta-commons-lang
PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@ -56,7 +56,7 @@ services that are CASA authentication enabled.
Summary: Novell CASA Authentication Token JAAS Support Components
Group: Applications/System
Requires: jre >= 1.5.0 CASA_auth_token_svc jdk novell-zenworks-java-links log4j
Requires: log4j jakarta-commons-logging xerces-j2
Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang
%description -n CASA_auth_token_jaas_support
CASA_auth_token is an authentication token infrastructure with support for