The Audit Utility
The audit utility (hereafter called the auditor) begins its work by creating a Python list of the files referenced in the Permissions section of the JAAS policy file. As I mentioned, this is a structured file, so it is possible to process it; however, it isn't as straightforward a task as parsing an XML document. I've hard-coded the path to the policy file in the sample code that accompanies the article, but you could just as easily read this value from a properties file or pass it as a command line parameter.
The createPolicyFileList() method reads the JAAS file and then uses a regular expression to cull out the lines that specify a JAAS permission (see the sample permission file bundled with the downloadable source). Python provides the re regular expression library as a part of its core API, so it isn't difficult to compile a regular expression pattern so that only the "Permission" lines are processed.
q = re.compile("URLPermission")
As the method reads each line of the file, it splits each line containing a JAAS permission. Each token in the line becomes an element in the plist variable (line 3 in the code below), which is a Python list data structure. Line 4 compiles another regular expression that finds lines ending with a .shtml extension, which is an arbitrary, pre-defined extension used in my environment to indicate a page served via the Struts framework. If you use a different extension you'll obviously have to modify this line of code.
Editor's Note: In the code snippets in this article, some of the Python indentations have been altered to suit the formatting of this article's Web page. Double check the source code download to verify the indentations if you cut-and-paste these code snippets into your own project.
1. for line in inputfile:
2.     if q.search(line):                      # only lines that carry a URLPermission
3.         plist = q.split(line)               # text before the match, text after it
4.         page = re.compile(r"\w*\.shtml")    # Struts pages end in .shtml (escaped dot)
5.         if page.search(plist[1]):
6.             pageName = plist[1][plist[1].rfind("/") + 1:plist[1].rfind(".")]
7.             policyPages.append(pageName)    # page name without slash or extension
Executing the split() method at line 3 on the line below from the sample JAAS policy file seems like it ought to result in a three-element list, but Python parses it into only two. The reasons for this are outside the scope of this discussion; suffice it to say that buyFromGrainger.shtml becomes the element at index 1 of the plist variable (see line 3 above).
permission com.grainger.URLPermission "/buyFromGrainger.shtml"
What you really need, though, is just the page name without the extension, so line 6 takes a slice of the plist variable, culling out the text between the slash and the period. Line 7 adds the page name to the policyPages list that will be returned by the method. The next portion of the code deals with parsing and extracting the paths from the Struts configuration file(s) and checking them against this list.