Skip to main content

Source code revision

svn

summary: Fix for GLASSFISH-20510 URISyntaxException getting monitoring data
revision: 61977
author: tjquinn
date: 2013-05-14 14:55:27 UTC (3 years)
message: Fix for GLASSFISH-20510 URISyntaxException getting monitoring data

The "get" command, as some other asadmin commands, must compute the admin security access checks dynamically based on exactly which resources that invocation of the command accesses. The CommandSecurityChecker class then submits each individual resource separately to the authorization service, passing each resource as a URI. In the case of "get" the resource names come from the dotted names for the items reported.

Some EJB monitoring probes (reported using 'get -m "*"' for example) contain characters that are not legal in a URI, but CommandSecurityChecker did not encode such names.

With this fix, such encoding takes place using the standard SE URLEncoding class. The effect is a no-op if the resource name already conforms to URI/URL rules and encodes the resource name otherwise.

Approved for 4.0: Tom
Reviewed: Tom
Test: Passed QL tests, the sequence of commands identified by Marina in the issue
Change Path Actions
M branches/4.0/nucleus/admin/util/src/main/java/com/sun/enterprise/admin/util/CommandSecurityChecker.java
 
 
Close
loading
Please Confirm
Close