]> git.aero2k.de Git - tmp/jakarta-migration.git/commitdiff
projects / tmp / jakarta-migration.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0375706)
CSPACE-2735: Security interceptor not handling HyperJaxb3 IDs properly -preventing...
authorRichard Millet <richard.millet@berkeley.edu>
Fri, 27 Aug 2010 17:03:55 +0000 (17:03 +0000)
committerRichard Millet <richard.millet@berkeley.edu>
Fri, 27 Aug 2010 17:03:55 +0000 (17:03 +0000)
services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java patch | blob | history

diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
index 69c2624523136750a2851e2402d254966272c0e1..be950eacdd9399ff07bea7334409a7e8db487f2a 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java
@@ -157,6 +157,7 @@ public class SecurityInterceptor implements PreProcessInterceptor {
                String uriPath = uriInfo.getPath();
 
                MultivaluedMap<String, String> pathParams = uriInfo.getPathParameters();
+               
                for (String pathParamName : pathParams.keySet()) {
                        //assumption : path params for csid for any entity has substring csid in name
                        String pathParamValue = pathParams.get(pathParamName).get(0);
@@ -164,10 +165,6 @@ public class SecurityInterceptor implements PreProcessInterceptor {
                                //replace csids with wildcard
                                uriPath = uriPath.replace(pathParamValue, "*");
                        }
-                       if ((pathParamName.toLowerCase().indexOf("id") > -1)) {
-                               //replace id with wildcard
-                               uriPath = uriPath.replace(pathParamValue, "*");
-                       }
                        if ((pathParamName.toLowerCase().indexOf("predicate") > -1)) {
                                //replace csids with wildcard
                                uriPath = uriPath.replace(pathParamValue, "*");
@@ -182,6 +179,18 @@ public class SecurityInterceptor implements PreProcessInterceptor {
                                uriPath = uriPath.replace(pathParamValue, "*");
                        }
                }
+               
+               // FIXME: REM
+               // Since the hjid (HyperJaxb3 generated IDs are not unique strings in URIs that also have a CSID,
+               // we need to replace hjid last.  We can fix this by having HyperJaxb3 generate UUID.
+               // Assumption : path param name for csid is lowercase
+               //
+               List<String> hjidValueList = pathParams.get("id");
+               if (hjidValueList != null) {
+                       String hjidValue = hjidValueList.get(0); //should be just one value, so get the first.
+                       uriPath = uriPath.replace(hjidValue, "*");
+               }
+               
                uriPath = uriPath.replace("//", "/");
                return uriPath;
        }