r228 - trunk/nuiton-security/src/main/java/org/nuiton/web/security
Author: echatellier Date: 2012-10-23 17:29:49 +0200 (Tue, 23 Oct 2012) New Revision: 228 Url: http://nuiton.org/repositories/revision/nuiton-web/228 Log: Add configuration option to split url on various characters Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-19 13:11:36 UTC (rev 227) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-10-23 15:29:49 UTC (rev 228) @@ -114,13 +114,9 @@ // get permission String uri = ((HttpServletRequest)servletRequest).getRequestURI(); - String perm = "url" + uri.replace('/', ':'); - // cas de la permission url: qui est equivalente a url:* - if (perm.endsWith(":")) { - perm += "/"; - } + String perm = SecurityUtil.convertToShiroPerm(uri, config.getOption("topia.security.separators")); - if (subjectUser.isPermitted(perm)) { + if (subjectUser.isPermitted("url" + perm)) { if (log.isDebugEnabled()) { log.debug("User is permitted to access " + perm); } 
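Review bot: When `topia.security.separators` is not set, `config.getOption(...)` presumably returns null and `convertToShiroPerm` then leaves the URI untouched, so `isPermitted("url" + perm)` is evaluated against `url/a/b` instead of the `url:a:b` form that the removed `uri.replace('/', ':')` always produced. Permissions stored in the old form would stop matching after an upgrade, unless the configuration declares a default somewhere outside this diff. Falling back to the previous behaviour avoids that: `String separators = config.getOption("topia.security.separators");` followed by `if (separators == null) { separators = "/"; }`, with the same fallback at the two calls in TopiaSecurityRealm. The debug message just below now prints `perm` without the `url` prefix that is actually checked, which makes denied-access logs harder to match against stored permissions. The enclosing method starts and ends outside the hunk.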
@@ -136,7 +132,12 @@ } // save request and redirect to login Session session = subjectUser.getSession(); - session.setAttribute(SESSION_SAVED_URL, ((HttpServletRequest)servletRequest).getRequestURL().toString()); + HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest; + StringBuffer requestURL = new StringBuffer(httpServletRequest.getRequestURL()); + if (httpServletRequest.getQueryString() != null) { + requestURL.append('?').append(httpServletRequest.getQueryString()); + } + session.setAttribute(SESSION_SAVED_URL, requestURL.toString()); ((HttpServletResponse)servletResponse).sendRedirect(config.getOption("topia.security.loginurl")); } else { ((HttpServletResponse)servletResponse).sendError(401, "Not authorized to access " + uri); Added: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java (rev 0) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java 2012-10-23 15:29:49 UTC (rev 228) 
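Review bot: The saved URL is stored for every request method, and now that the query string is appended, a request that was not a GET is recorded as if it were one. Whatever later redirects to `SESSION_SAVED_URL` (not visible here) would then replay it as a GET carrying those parameters. Guarding the save with `if ("GET".equalsIgnoreCase(httpServletRequest.getMethod()))` avoids that. The `new StringBuffer(...)` wrapper is unnecessary because `getRequestURL()` already returns a buffer intended to be appended to, so `StringBuffer requestURL = httpServletRequest.getRequestURL();` is enough. `httpServletRequest` could also be declared once and reused for the `getRequestURI()` cast in the earlier hunk; the method body extends beyond this hunk.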
@@ -0,0 +1,27 @@ +package org.nuiton.web.security; + +public class SecurityUtil { + + /** + * Split url with separators definined in separator string. + * + * @param url url to convert + * @param separators each string character is used a separator char (null allowed) + * @return shiro permission (: separator) + */ + public static String convertToShiroPerm(String url, String separators) { + String perm = url; + if (separators != null) { + for (int i = 0; i < separators.length(); i++) { + perm = perm.replace(separators.charAt(i), ':'); + } + } + + // cas de la permission url: qui est equivalente a url:* + if (perm.endsWith(":")) { + perm += "/"; + } + + return perm; + } +} Property changes on: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityUtil.java ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision HeadURL Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-19 13:11:36 UTC (rev 227) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/TopiaSecurityRealm.java 2012-10-23 15:29:49 UTC (rev 228) @@ -97,8 +97,10 @@ } // ajout de l'url de login et logout quand meme !!! - result.addStringPermission("url" + config.getOption("topia.security.loginurl").replace('/', ':')); - result.addStringPermission("url" + config.getOption("topia.security.logouturl").replace('/', ':')); + result.addStringPermission("url" + SecurityUtil.convertToShiroPerm(config.getOption("topia.security.loginurl"), + config.getOption("topia.security.separators"))); + result.addStringPermission("url" + SecurityUtil.convertToShiroPerm(config.getOption("topia.security.logouturl"), + config.getOption("topia.security.separators"))); } catch (Exception ex) {
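Review bot: `convertToShiroPerm` only substitutes characters, so a URL that already contains `:`, `*` or `,` (all meaningful in Shiro's wildcard permission syntax, assuming the default resolver is in use), or that carries dot-segments or percent-encoded separators, yields a permission string that need not describe the resource the container ends up serving. Because SecurityShiroFilter passes the raw `getRequestURI()` into it, the input should be canonicalised, or such requests rejected, before conversion. A null `url` throws a NullPointerException while a null `separators` is accepted, and the Javadoc should state that asymmetry. The Javadoc also needs a sentence on the trailing-colon rule, e.g. `// "url:" would be equivalent to "url:*", so a trailing ':' gets "/" appended`, and `definined` / `is used a separator` are typos.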
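Review bot: The `"url"` prefix and the `config.getOption("topia.security.separators")` lookup are now repeated at three call sites (twice in this TopiaSecurityRealm hunk, once in SecurityShiroFilter), and the granted and the requested permission only line up as long as all three stay identical. Reading the option once, `String separators = config.getOption("topia.security.separators");`, and letting the helper prepend `url` would put both sides of the check on a single code path. The enclosing `try` block opens outside this hunk, so how the `catch (Exception ex)` handles a missing login or logout URL cannot be judged from here.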