SEC-11: Release authz tag dependancy on JSP 2.0 about spring-security HOT 4 CLOSED

Scott McCrory said:

Looking at the code, it appears that the only place in Acegi were String.replaceAll(S,S) exists is in java.net.sf.acegisecurity.taglibs.authz.AuthorizeTag.parseAuthoritiesString(S). My understanding is that replaceAll is a JDK 1.4+ method, so to maintain Acegi’s JDK 1.3 compatability, I recommend replacing this line, perhaps with:

// Remove the role’s whitespace characters without depending on JDK 1.4+
// Includes space, tab, new line, carriage return and form feed.
String role = StringUtils.replace(authority, " ", "");
role = StringUtils.replace(role, “\t”, "");
role = StringUtils.replace(role, “\r”, "");
role = StringUtils.replace(role, “\n”, "");
role = StringUtils.replace(role, “\f”, "");

Scott

from spring-security.

Scott McCrory said:

Today (7/19/2005) I applied the code against the CVS (0.9.0 snapshot) head, as well as 0.8.3, and all of Acegi’s tests pass in both cases. I also confirmed that the modified authz tag works under WSAD’s Websphere Test Environment 5.0 (almost a complete Websphere Application Server 5.0 instance). As such, I’d recommend that Francois applies the changes recommended in my previous comment to maintain Acegi’s JDK 1.3 compatability. Thanks in advance for your time!

from spring-security.

Ben Alex said:

Please commit the fix to CVS and update /docs/xdocs/changes.xml.

from spring-security.

Scott McCrory said:

Done

from spring-security.