From f41b81a004aacd00211cef7640d7280ad311b9eb Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Wed, 6 Jun 2007 21:12:00 +0000 Subject: [PATCH] The CasaIdentityToken class has been updated to escape strings stored in CasaIdentityTokens which may contain XML reserved characters. --- .../casa/authtoksvc/CasaIdentityToken.java | 42 ++++++++++++++++++- .../package/linux/CASA_auth_token_svc.spec.in | 6 +-- .../linux/CASA_auth_token_svc_4zen.spec.in | 6 +-- 3 files changed, 46 insertions(+), 8 deletions(-) diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java index e356fe6f..6152084a 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java @@ -46,6 +46,7 @@ import org.xml.sax.helpers.XMLReaderFactory; import org.bandit.util.config.Realm; import org.apache.log4j.Logger; +import org.apache.commons.lang.StringEscapeUtils; /** * CasaIdentityToken Class. @@ -335,6 +336,9 @@ public final class CasaIdentityToken implements IdentityToken // Verify that we are processing the expected tag if (idElementName.equalsIgnoreCase(qName)) { + // Un-escape the identity id + m_casaIdentToken.m_identityId = StringEscapeUtils.unescapeXml(m_casaIdentToken.m_identityId); + // Advance to the next state m_state = AWAITING_SOURCE_NAME_ELEMENT_START; } 
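Review bot: The `StringEscapeUtils.unescapeXml(m_casaIdentToken.m_identityId)` call added at the identity-id end tag decodes the value a second time if the text reached the handler through a conforming SAX parser, which expands `&lt;`, `&amp;` and the other predefined entities before `characters()` is called. An identity id that legitimately contains the literal text `&lt;` would then come back as `<`, so two different identities could parse to the same string, which matters in a token that asserts who the caller is. The same applies to the attribute un-escape added under `case AWAITING_ATTRIBUTE_END:` in the next hunk. Unless the `characters()` handler (outside this hunk) receives raw, undecoded text, I would drop both calls and keep only the `escapeXml` on the writing side, with a comment such as `// SAX has already expanded entity references; do not decode again`.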
@@ -402,6 +406,40 @@ public final class CasaIdentityToken implements IdentityToken break; case AWAITING_ATTRIBUTE_END: + + // If necessary, un-escape the attribute data. + if (!m_encryptedAttrs) + { + Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute); + if (attrib != null) + { + try + { + String attribData = (String) attrib.get(); + if (attribData != null) + { + m_casaIdentToken.m_attributes.put(m_currAttribute, + StringEscapeUtils.unescapeXml(attribData)); + } + else + { + m_log.error("SAXHandler.endElement()- Attribute data not found"); + throw new SAXException("Attribute data not found"); + } + } + catch (NamingException e) + { + m_log.error("SAXHandler.endElement()- Attribute data not found"); + throw new SAXException("Attribute data not found", e); + } + } + else + { + m_log.error("SAXHandler.endElement()- Attribute not found"); + throw new SAXException("Attribute not found"); + } + } + // Advance to the next state m_state = AWAITING_ATTRIBUTE_START; break; @@ -746,7 +784,7 @@ public final class CasaIdentityToken implements IdentityToken StringBuffer sb = new StringBuffer(); sb.append(ProtoDefs.xmlDeclaration); sb.append("\r\n"); sb.append("<"); sb.append(casaIdentTokElementName); sb.append(">"); sb.append("\r\n"); - sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(identityId); sb.append("\r\n"); + sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(StringEscapeUtils.escapeXml(identityId)); sb.append("\r\n"); sb.append("<"); sb.append(sourceNameElementName); sb.append(">"); sb.append(sourceName); sb.append("\r\n"); sb.append("<"); sb.append(sourceUrlElementName); sb.append(">"); sb.append(m_sourceUrl); sb.append("\r\n"); sb.append("<"); sb.append(targetServiceElementName); sb.append(">"); sb.append(m_service); sb.append("\r\n"); 
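Review bot: In the `AWAITING_ATTRIBUTE_END` branch the cast `(String) attrib.get()` throws `ClassCastException` when the stored value is not a `String`, and the `catch (NamingException e)` does not cover it, so a malformed token ends the parse with an unchecked exception instead of the `SAXException` used for every other failure here. Assuming `Attribute` is `javax.naming.directory.Attribute`, `get()` can also throw `NoSuchElementException` for an attribute that has no values. I would read the value as `Object attribData = attrib.get();` and reject anything that is not a `String` with `throw new SAXException("Attribute data is not a string");`. The `remove`/`put` pair also keeps only the single value returned by `get()`, so if an attribute can carry several values at this point the others are dropped; that depends on code outside the hunk. The same cast appears as `(String) attrValue` in the `@@ -793,7 +831,7 @@` hunk, where the old code accepted any object through `sb.append(Object)`.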
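Review bot: Only `identityId` is escaped in this serialisation; the context lines directly below the changed line still append `sourceName`, `m_sourceUrl` and `m_service` to the token as raw text. A source URL with a query string is a likely place for `&`, and any of the three containing `<` or `&` would either make the token unparseable or let the value introduce markup into the identity token. I would wrap them the same way, e.g. `sb.append(StringEscapeUtils.escapeXml(m_sourceUrl));`, or add a comment stating why these fields can never hold XML reserved characters. The enclosing method starts and ends outside the hunk.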
@@ -793,7 +831,7 @@ public final class CasaIdentityToken implements IdentityToken else { // Assume the attribute value is of type String - sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(attrValue); sb.append("\r\n"); + sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(StringEscapeUtils.escapeXml((String) attrValue)); sb.append("\r\n"); } } } diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in index dbf5f858..4902626b 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in @@ -18,7 +18,7 @@ Name: @PACKAGE@ URL: http://www.novell.com/products BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 xml-commons-apis -BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl +BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl jakarta-commons-lang %define prefix /usr License: LGPL Group: Applications/System @@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: jre >= 1.5.0 -Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl +Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl jakarta-commons-lang PreReq: %fillup_prereq %insserv_prereq PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent 
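Review bot: The element name on the changed line is still taken from `attr.getID()` and written between `<` and `>` without any check, so escaping the value alone does not keep an attribute with an unusual id from producing a malformed token or altering its structure. Escaping is not the right tool for a name; the id should be checked against the XML name rules before the element is written, and the attribute rejected if it fails, for example behind a guard like `if (!isValidXmlName(attr.getID()))`, where `isValidXmlName` is a placeholder for a helper this file would need. Whether attribute ids can contain such characters depends on the identity source, which is not visible here. The surrounding loop and method lie outside the hunk.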
@@ -56,7 +56,7 @@ services that are CASA authentication enabled. Summary: Novell CASA Authentication Token JAAS Support Components Group: Applications/System Requires: jre >= 1.5.0 -Requires: log4j jakarta-commons-logging xerces-j2 +Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang %description -n CASA_auth_token_jaas_support CASA_auth_token is an authentication token infrastructure with support for diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in index 590464b9..5b9076bd 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in @@ -18,7 +18,7 @@ Name: @PACKAGE@ URL: http://www.novell.com/products BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 jdk novell-zenworks-java-links xml-commons-apis -BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel +BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel jakarta-commons-lang %define prefix /usr License: LGPL Group: Applications/System @@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: jre >= 1.5.0 -Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA +Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA jakarta-commons-lang PreReq: %fillup_prereq %insserv_prereq PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent 
@@ -56,7 +56,7 @@ services that are CASA authentication enabled. Summary: Novell CASA Authentication Token JAAS Support Components Group: Applications/System Requires: jre >= 1.5.0 CASA_auth_token_svc jdk novell-zenworks-java-links log4j -Requires: log4j jakarta-commons-logging xerces-j2 +Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang %description -n CASA_auth_token_jaas_support CASA_auth_token is an authentication token infrastructure with support for