[prev in list] [next in list] [prev in thread] [next in thread]
List: slide-dev
Subject: cvs commit: jakarta-slide/src/webdav/server/org/apache/slide/webdav/method PropFindMethod.java
From: juergen () apache ! org
Date: 2002-01-30 14:02:17
[Download RAW message or body]
juergen 02/01/30 06:02:17
Modified: src/webdav/server/org/apache/slide/webdav/method
PropFindMethod.java
Log:
Now the read-acl permission is checked if a principel trys to read a acl property. \
(Eckehard)
Revision Changes Path
1.46 +23 -4 \
jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java
Index: PropFindMethod.java
===================================================================
RCS file: /home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- PropFindMethod.java 23 Jan 2002 15:07:24 -0000 1.45
+++ PropFindMethod.java 30 Jan 2002 14:02:17 -0000 1.46
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v \
1.45 2002/01/23 15:07:24 juergen Exp $
- * $Revision: 1.45 $
- * $Date: 2002/01/23 15:07:24 $
+ * $Header: /home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v \
1.46 2002/01/30 14:02:17 juergen Exp $ + * $Revision: 1.46 $
+ * $Date: 2002/01/30 14:02:17 $
*
* ====================================================================
*
@@ -83,6 +83,7 @@
import org.apache.slide.lock.*;
import org.apache.slide.content.*;
import org.apache.slide.security.NodePermission;
+import org.apache.slide.security.Security;
/**
* PROPFIND method.
@@ -698,7 +699,7 @@
}
generatedXML.writeElement(null, OWNER, XMLPrinter.OPENING);
generatedXML.writeElement(null, "href", XMLPrinter.OPENING);
- generatedXML.writeText(ownerHref);
+ generatedXML.writeText(WebdavUtils.encodeURL(ownerHref));
generatedXML.writeElement(null, "href", XMLPrinter.CLOSING);
generatedXML.writeElement(null, OWNER, XMLPrinter.CLOSING);
}
@@ -1261,6 +1262,24 @@
NamespaceConfig config = token.getNamespaceConfig();
+ // check read-acl permission
+ Security securityHelper = token.getSecurityHelper();
+ try {
+ securityHelper.checkCredentials(slideToken, object, \
config.getReadPermissionsAction()); + } catch (AccessDeniedException ade) {
+ try {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN,
+ WebdavStatus.getStatusText(WebdavStatus.SC_FORBIDDEN));
+ } catch(IOException ex) {}
+ throw new WebdavException(WebdavStatus.SC_FORBIDDEN);
+ } catch (ServiceAccessException sae) {
+ try {
+ resp.sendError(WebdavStatus.SC_FORBIDDEN,
+ WebdavStatus.getStatusText(WebdavStatus.SC_FORBIDDEN));
+ } catch(IOException ex) {}
+ throw new WebdavException(WebdavStatus.SC_FORBIDDEN);
+ }
+
// read
String readObjectUri = config.getReadObjectAction().getUri();
String readRevisionMetadataUri =
--
To unsubscribe, e-mail: <mailto:slide-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:slide-dev-help@jakarta.apache.org>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic