costin 01/07/15 16:58:32
Modified: src/share/org/apache/tomcat/modules/aaa
AccessInterceptor.java
Log:
AccessInterceptor will now use case-insensitive match for windows. Better
safe :-)
The main reason is that FileUtil ( which is used right now to do the checks )
is fine as long as someone is calling it - we do call it in StaticInterceptor,
but what if the user defines a servlet to handle static files ?
( there are many other cases where this will help )
Revision Changes Path
1.12 +40 -7
jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java
Index: AccessInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- AccessInterceptor.java 2001/05/21 04:22:32 1.11
+++ AccessInterceptor.java 2001/07/15 23:58:32 1.12
@@ -60,7 +60,7 @@
package org.apache.tomcat.modules.aaa;
import org.apache.tomcat.core.*;
-import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.*;
import org.apache.tomcat.util.io.FileUtil;
import org.apache.tomcat.util.http.*;
import java.util.*;
@@ -93,8 +93,19 @@
int reqTransportNote;
public AccessInterceptor() {
+ ignoreCase= (File.separatorChar == '\\');
}
+ // -------------------- Ingore case --------------------
+ boolean ignoreCase=false;
+
+ /** Use case insensitive match, for windows and
+ similar platforms
+ */
+ public void setIgnoreCase( boolean b ) {
+ ignoreCase=b;
+ }
+
/* -------------------- Initialization -------------------- */
/** Set the context manager. To keep it simple we don't support
@@ -258,6 +269,12 @@
if( ctxSec==null || ctxSec.patterns==0 ) return 0; // fast exit
String reqURI = req.requestURI().toString();
+
+ /* We don't need this if we normalize the path
+ if( reqURI.indexOf( "//" ) >= 0 )
+ return 403;
+ */
+
String path=reqURI.substring( ctxPathLen);
String method=req.method().toString();
@@ -337,7 +354,7 @@
if( ctMethods != null && ctMethods.length > 0 ) {
boolean ok=false;
for( int i=0; i< ctMethods.length; i++ ) {
- if( method.equals( ctMethods[i] ) ) {
+ if( method.equalsIgnoreCase( ctMethods[i] ) ) {
ok=true;
break;
}
@@ -361,15 +378,31 @@
// if more can be matched in the path, include matching the '/'
if( path.length() > matchLen )
matchLen++;
- for( int i=0; i< matchLen ; i++ ) {
- if( path.charAt( i ) != ctPath.charAt( i ))
- return false;
+ if( ignoreCase ) {
+ for( int i=0; i< matchLen ; i++ ) {
+ if( Ascii.toLower(path.charAt( i )) !=
+ Ascii.toLower(ctPath.charAt( i )))
+ return false;
+ }
+ } else {
+ for( int i=0; i< matchLen ; i++ ) {
+ if( path.charAt( i ) != ctPath.charAt( i ))
+ return false;
+ }
}
return true;
case Container.EXTENSION_MAP:
- return ctPath.substring( 1 ).equals(FileUtil.getExtension( path ));
+ if( ignoreCase )
+ return ctPath.substring( 1 ).
+ equalsIgnoreCase(FileUtil.getExtension( path ));
+ else
+ return ctPath.substring( 1 ).
+ equals(FileUtil.getExtension( path ));
case Container.PATH_MAP:
- return path.equals( ctPath );
+ if( ignoreCase )
+ return path.equalsIgnoreCase( ctPath );
+ else
+ return path.equals( ctPath );
}
return false;
}
