geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

The CasaIdentityToken class has been updated to escape strings stored in

Browse Source 
CasaIdentityTokens which may contain XML reserved characters.
This commit is contained in:
Juan Carlos Luciani 2007-06-06 21:12:00 +00:00
parent cb1de1c2cc
commit f41b81a004
3 changed files with 46 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java
View File

@ -46,6 +46,7 @@ import org.xml.sax.helpers.XMLReaderFactory;
import org.bandit.util.config.Realm; import org.bandit.util.config.Realm;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.apache.commons.lang.StringEscapeUtils;
/** /**
* CasaIdentityToken Class. * CasaIdentityToken Class.
@ -335,6 +336,9 @@ public final class CasaIdentityToken implements IdentityToken
// Verify that we are processing the expected tag // Verify that we are processing the expected tag
if (idElementName.equalsIgnoreCase(qName)) if (idElementName.equalsIgnoreCase(qName))
{ {
// Un-escape the identity id
m_casaIdentToken.m_identityId = StringEscapeUtils.unescapeXml(m_casaIdentToken.m_identityId);
// Advance to the next state // Advance to the next state
m_state = AWAITING_SOURCE_NAME_ELEMENT_START; m_state = AWAITING_SOURCE_NAME_ELEMENT_START;
} }
@ -402,6 +406,40 @@ public final class CasaIdentityToken implements IdentityToken
break; break;
case AWAITING_ATTRIBUTE_END: case AWAITING_ATTRIBUTE_END:
// If necessary, un-escape the attribute data.
if (!m_encryptedAttrs)
{
Attribute attrib = m_casaIdentToken.m_attributes.remove(m_currAttribute);
if (attrib != null)
{
try
{
String attribData = (String) attrib.get();
if (attribData != null)
{
m_casaIdentToken.m_attributes.put(m_currAttribute,
StringEscapeUtils.unescapeXml(attribData));
}
else
{
m_log.error("SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found");
}
}
catch (NamingException e)
{
m_log.error("SAXHandler.endElement()- Attribute data not found");
throw new SAXException("Attribute data not found", e);
}
}
else
{
m_log.error("SAXHandler.endElement()- Attribute not found");
throw new SAXException("Attribute not found");
}
}
// Advance to the next state // Advance to the next state
m_state = AWAITING_ATTRIBUTE_START; m_state = AWAITING_ATTRIBUTE_START;
break; break;
@ -746,7 +784,7 @@ public final class CasaIdentityToken implements IdentityToken
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
sb.append(ProtoDefs.xmlDeclaration); sb.append("\r\n"); sb.append(ProtoDefs.xmlDeclaration); sb.append("\r\n");
sb.append("<"); sb.append(casaIdentTokElementName); sb.append(">"); sb.append("\r\n"); sb.append("<"); sb.append(casaIdentTokElementName); sb.append(">"); sb.append("\r\n");
sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(identityId); sb.append("</"); sb.append(idElementName); sb.append(">\r\n"); sb.append("<"); sb.append(idElementName); sb.append(">"); sb.append(StringEscapeUtils.escapeXml(identityId)); sb.append("</"); sb.append(idElementName); sb.append(">\r\n");
sb.append("<"); sb.append(sourceNameElementName); sb.append(">"); sb.append(sourceName); sb.append("</"); sb.append(sourceNameElementName); sb.append(">\r\n"); sb.append("<"); sb.append(sourceNameElementName); sb.append(">"); sb.append(sourceName); sb.append("</"); sb.append(sourceNameElementName); sb.append(">\r\n");
sb.append("<"); sb.append(sourceUrlElementName); sb.append(">"); sb.append(m_sourceUrl); sb.append("</"); sb.append(sourceUrlElementName); sb.append(">\r\n"); sb.append("<"); sb.append(sourceUrlElementName); sb.append(">"); sb.append(m_sourceUrl); sb.append("</"); sb.append(sourceUrlElementName); sb.append(">\r\n");
sb.append("<"); sb.append(targetServiceElementName); sb.append(">"); sb.append(m_service); sb.append("</"); sb.append(targetServiceElementName); sb.append(">\r\n"); sb.append("<"); sb.append(targetServiceElementName); sb.append(">"); sb.append(m_service); sb.append("</"); sb.append(targetServiceElementName); sb.append(">\r\n");
@ -793,7 +831,7 @@ public final class CasaIdentityToken implements IdentityToken
else else
{ {
// Assume the attribute value is of type String // Assume the attribute value is of type String
sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(attrValue); sb.append("</"); sb.append(attr.getID()); sb.append(">\r\n"); sb.append("<"); sb.append(attr.getID()); sb.append(">"); sb.append(StringEscapeUtils.escapeXml((String) attrValue)); sb.append("</"); sb.append(attr.getID()); sb.append(">\r\n");
} }
} }
} }

6
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
View File

@ -18,7 +18,7 @@
Name: @PACKAGE@ Name: @PACKAGE@
URL: http://www.novell.com/products URL: http://www.novell.com/products
BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 xml-commons-apis BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 xml-commons-apis
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel curl jakarta-commons-lang
%define prefix /usr %define prefix /usr
License: LGPL License: LGPL
Group: Applications/System Group: Applications/System
@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: jre >= 1.5.0 Requires: jre >= 1.5.0
Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl Requires: servletapi5 tomcat5 sysvinit insserv identity-abstraction sed log4j xerces-j2 CASA curl jakarta-commons-lang
PreReq: %fillup_prereq %insserv_prereq PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@ -56,7 +56,7 @@ services that are CASA authentication enabled.
Summary: Novell CASA Authentication Token JAAS Support Components Summary: Novell CASA Authentication Token JAAS Support Components
Group: Applications/System Group: Applications/System
Requires: jre >= 1.5.0 Requires: jre >= 1.5.0
Requires: log4j jakarta-commons-logging xerces-j2 Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang
%description -n CASA_auth_token_jaas_support %description -n CASA_auth_token_jaas_support
CASA_auth_token is an authentication token infrastructure with support for CASA_auth_token is an authentication token infrastructure with support for

6
CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
View File

@ -18,7 +18,7 @@
Name: @PACKAGE@ Name: @PACKAGE@
URL: http://www.novell.com/products URL: http://www.novell.com/products
BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 jdk novell-zenworks-java-links xml-commons-apis BuildRequires: gcc-c++ glib2-devel identity-abstraction insserv libstdc++ libstdc++-devel mono-devel pkgconfig servletapi5 sysvinit xerces-j2 jdk novell-zenworks-java-links xml-commons-apis
BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel BuildRequires: java-sdk-1.5.0 update-alternatives log4j jakarta-commons-logging pwdutils CASA-devel jakarta-commons-lang
%define prefix /usr %define prefix /usr
License: LGPL License: LGPL
Group: Applications/System Group: Applications/System
@ -30,7 +30,7 @@ Summary: Novell CASA Authentication Token Service
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: jre >= 1.5.0 Requires: jre >= 1.5.0
Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA Requires: novell-zenworks-tomcat sysvinit insserv identity-abstraction sed jdk novell-zenworks-java-links log4j xerces-j2 CASA jakarta-commons-lang
PreReq: %fillup_prereq %insserv_prereq PreReq: %fillup_prereq %insserv_prereq
PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd PreReq: /usr/bin/awk, /usr/bin/test, /bin/grep, /bin/cat, /usr/bin/install, /bin/pwd
PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent PreReq: /usr/sbin/groupadd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/bin/getent
@ -56,7 +56,7 @@ services that are CASA authentication enabled.
Summary: Novell CASA Authentication Token JAAS Support Components Summary: Novell CASA Authentication Token JAAS Support Components
Group: Applications/System Group: Applications/System
Requires: jre >= 1.5.0 CASA_auth_token_svc jdk novell-zenworks-java-links log4j Requires: jre >= 1.5.0 CASA_auth_token_svc jdk novell-zenworks-java-links log4j
Requires: log4j jakarta-commons-logging xerces-j2 Requires: log4j jakarta-commons-logging xerces-j2 jakarta-commons-lang
%description -n CASA_auth_token_jaas_support %description -n CASA_auth_token_jaas_support
CASA_auth_token is an authentication token infrastructure with support for CASA_auth_token is an authentication token infrastructure with support for