Merge pull request #1221 from mysinmyc/xml_issue

Fix for issue #1220

h2/src/main/org/h2/security/auth/DefaultAuthenticator.java

@@ -14,8 +14,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import javax.xml.bind.JAXB;
-
 import org.h2.api.CredentialsValidator;
 import org.h2.api.UserToRolesMapper;
 import org.h2.engine.Database;
@@ -237,7 +235,7 @@ public class DefaultAuthenticator implements Authenticator {
      * @throws Exception
      */
     public void configureFromUrl(URL configUrl) throws Exception {
-        H2AuthConfig config = JAXB.unmarshal(configUrl, H2AuthConfig.class);
+        H2AuthConfig config = H2AuthConfigXml.parseFrom(configUrl);
         configureFrom(config);
     }
 

h2/src/main/org/h2/security/auth/H2AuthConfig.java

@@ -8,20 +8,11 @@ package org.h2.security.auth;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-
 /**
  * Describe configuration of H2 DefaultAuthenticator
  */
-@XmlRootElement(name = "h2Auth")
-@XmlAccessorType(XmlAccessType.FIELD)
 public class H2AuthConfig {
 
-    @XmlAttribute
     private boolean allowUserRegistration=true;
 
     public boolean isAllowUserRegistration() {
@@ -31,8 +22,7 @@ public class H2AuthConfig {
     public void setAllowUserRegistration(boolean allowUserRegistration) {
         this.allowUserRegistration = allowUserRegistration;
     }
-
-    @XmlAttribute
+    
     boolean createMissingRoles=true;
 
     public boolean isCreateMissingRoles() {
@@ -43,7 +33,6 @@ public class H2AuthConfig {
         this.createMissingRoles = createMissingRoles;
     }
 
-    @XmlElement(name = "realm")
     List<RealmConfig> realms;
 
     public List<RealmConfig> getRealms() {
@@ -57,7 +46,6 @@ public class H2AuthConfig {
         this.realms = realms;
     }
 
-    @XmlElement(name = "userToRolesMapper")
     List<UserToRolesMapperConfig> userToRolesMappers;
 
     public List<UserToRolesMapperConfig> getUserToRolesMappers() {

h2/src/main/org/h2/security/auth/H2AuthConfigXml.java

+/*
+ * Copyright 2004-2018 H2 Group. Multiple-Licensed under the MPL 2.0,
+ * and the EPL 1.0 (http://h2database.com/html/license.html).
+ * Initial Developer: Alessandro Ventura
+ */
+package org.h2.security.auth;
+
+import java.io.InputStream;
+import java.net.URL;
+
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+
+import org.xml.sax.Attributes;
+import org.xml.sax.SAXException;
+import org.xml.sax.helpers.DefaultHandler;
+
+/**
+ * Parser of external authentication XML configuration file
+ */
+public class H2AuthConfigXml extends DefaultHandler{
+
+    H2AuthConfig result;
+
+    HasConfigProperties lastConfigProperties;
+
+    @Override
+    public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
+        switch (qName) {
+        case "h2Auth":
+            result = new H2AuthConfig();
+            result.setAllowUserRegistration("true".equals(
+                    getAttributeValueOr("allowUserRegistration",attributes,"false")));
+            result.setCreateMissingRoles("true".equals(
+                    getAttributeValueOr("createMissingRoles",attributes, "true")));
+            break;
+        case "realm":
+            RealmConfig realmConfig = new RealmConfig();
+            realmConfig.setName(getMandatoryAttributeValue("name", attributes));
+            realmConfig.setValidatorClass(getMandatoryAttributeValue("validatorClass", attributes));
+            result.getRealms().add(realmConfig);
+            lastConfigProperties=realmConfig;
+            break;
+        case "userToRolesMapper":
+            UserToRolesMapperConfig userToRolesMapperConfig = new UserToRolesMapperConfig();
+            userToRolesMapperConfig.setClassName(getMandatoryAttributeValue("className", attributes));
+            result.getUserToRolesMappers().add(userToRolesMapperConfig);
+            lastConfigProperties=userToRolesMapperConfig;
+            break;
+        case "property":
+            if (lastConfigProperties==null) {
+                throw new SAXException("property element in the wrong place");
+            }
+            lastConfigProperties.getProperties().add(new PropertyConfig(
+                    getMandatoryAttributeValue("name", attributes),
+                    getMandatoryAttributeValue("value", attributes)));
+            break;
+        default:
+            throw new SAXException("unexpected element "+qName);
+        }
+        
+    }
+
+    @Override
+    public void endElement(String uri, String localName, String qName) throws SAXException {
+        if (lastConfigProperties!=null && qName.equals("property")==false) {
+            lastConfigProperties=null;
+        }
+    }
+
+    static String getMandatoryAttributeValue(String attributeName, Attributes attributes) throws SAXException {
+        String attributeValue=attributes.getValue(attributeName);
+        if (attributeValue==null || attributeValue.trim().equals("")) {
+            throw new SAXException("missing attribute "+attributeName);
+        }
+        return attributeValue;
+        
+    }
+
+    static String getAttributeValueOr(String attributeName, Attributes attributes, String defaultValue) {
+        String attributeValue=attributes.getValue(attributeName);
+        if (attributeValue==null || attributeValue.trim().equals("")) {
+            return defaultValue;
+        }
+        return attributeValue;
+    }
+
+    public H2AuthConfig getResult() {
+        return result;
+    }
+
+    /**
+     * Parse the xml 
+     * @param url
+     * @return
+     * @throws Exception
+     */
+    public static H2AuthConfig parseFrom(URL url) throws Exception{
+        try (InputStream inputStream= url.openStream()) {
+            return parseFrom(inputStream);
+        }
+    }
+
+    public static H2AuthConfig parseFrom(InputStream inputStream) throws Exception{
+        SAXParser saxParser = SAXParserFactory.newInstance().newSAXParser();        
+        H2AuthConfigXml xmlHandler = new H2AuthConfigXml();
+        saxParser.parse(inputStream,xmlHandler);
+        return xmlHandler.getResult();
+    }
+}

h2/src/main/org/h2/security/auth/HasConfigProperties.java

+/*
+ * Copyright 2004-2018 H2 Group. Multiple-Licensed under the MPL 2.0,
+ * and the EPL 1.0 (http://h2database.com/html/license.html).
+ * Initial Developer: Alessandro Ventura
+ */
+package org.h2.security.auth;
+
+import java.util.List;
+
+public interface HasConfigProperties {
+    List<PropertyConfig> getProperties();
+}

h2/src/main/org/h2/security/auth/PropertyConfig.java

@@ -5,20 +5,13 @@
  */
 package org.h2.security.auth;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-
 /**
  * Configuration property
  */
-@XmlAccessorType(XmlAccessType.FIELD)
 public class PropertyConfig {
 
-    @XmlAttribute(required = true)
     private String name;
 
-    @XmlAttribute
     private String value;
 
     public PropertyConfig() {

h2/src/main/org/h2/security/auth/RealmConfig.java

@@ -8,18 +8,8 @@ package org.h2.security.auth;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
+public class RealmConfig implements HasConfigProperties{
 
-/**
- * Configuration for authentication realm.
- */
-@XmlAccessorType(XmlAccessType.FIELD)
-public class RealmConfig {
-
-    @XmlAttribute(required = true)
     private String name;
 
     public String getName() {
@@ -30,7 +20,6 @@ public class RealmConfig {
         this.name = name;
     }
 
-    @XmlAttribute(required = true)
     String validatorClass;
 
     public String getValidatorClass() {
@@ -41,7 +30,6 @@ public class RealmConfig {
         this.validatorClass = validatorClass;
     }
 
-    @XmlElement(name = "property")
     List<PropertyConfig> properties;
 
     public List<PropertyConfig> getProperties() {

h2/src/main/org/h2/security/auth/UserToRolesMapperConfig.java

@@ -8,21 +8,10 @@ package org.h2.security.auth;
 import java.util.ArrayList;
 import java.util.List;
 
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
+public class UserToRolesMapperConfig implements HasConfigProperties{
 
-/**
- * Configuration for class that maps users to roles.
- */
-@XmlAccessorType(XmlAccessType.FIELD)
-public class UserToRolesMapperConfig {
-
-    @XmlAttribute(required = true, name="class")
     private String className;
 
-    @XmlElement(name = "property")
     private List<PropertyConfig> properties;
 
     public String getClassName() {

h2/src/test/org/h2/test/auth/TestAuthentication.java

@@ -5,6 +5,7 @@
  */
 package org.h2.test.auth;
 
+import java.io.ByteArrayInputStream;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.SQLException;
@@ -25,6 +26,8 @@ import org.h2.engine.Session;
 import org.h2.engine.User;
 import org.h2.jdbcx.JdbcConnectionPool;
 import org.h2.security.auth.DefaultAuthenticator;
+import org.h2.security.auth.H2AuthConfig;
+import org.h2.security.auth.H2AuthConfigXml;
 import org.h2.security.auth.impl.AssignRealmNameRole;
 import org.h2.security.auth.impl.JaasCredentialsValidator;
 import org.h2.security.auth.impl.StaticRolesMapper;
@@ -134,6 +137,7 @@ public class TestAuthentication extends TestBase {
         testUserRegistration();
         testSet();
         testDatasource();
+        testXmlConfig();
     }
 
     protected void testInvalidPassword() throws Exception {
@@ -274,4 +278,28 @@ public class TestAuthentication extends TestBase {
         }
         testExternalUser();
     }
+    
+    static final String TESTXML="<h2Auth allowUserRegistration=\"true\" createMissingRoles=\"false\">"
+            + "<realm name=\"ciao\" validatorClass=\"myclass\"/>"
+            + "<realm name=\"miao\" validatorClass=\"myclass1\">"
+            + "<property name=\"prop1\" value=\"value1\"/>"
+            + "<userToRolesMapper className=\"class1\">"
+            + "<property name=\"prop2\" value=\"value2\"/>"
+            + "</userToRolesMapper>"
+            + "</realm>"
+            + "</h2Auth>";
+    
+    protected void testXmlConfig() throws Exception {
+        ByteArrayInputStream inputStream = new ByteArrayInputStream(TESTXML.getBytes());
+        H2AuthConfig config = H2AuthConfigXml.parseFrom(inputStream);
+        assertTrue(config.isAllowUserRegistration());
+        assertFalse(config.isCreateMissingRoles());
+        assertEquals("ciao",config.getRealms().get(0).getName());
+        assertEquals("myclass",config.getRealms().get(0).getValidatorClass());
+        assertEquals("prop1",config.getRealms().get(1).getProperties().get(0).getName());
+        assertEquals("value1",config.getRealms().get(1).getProperties().get(0).getValue());
+        assertEquals("class1",config.getUserToRolesMappers().get(0).getClassName());
+        assertEquals("prop2",config.getUserToRolesMappers().get(0).getProperties().get(0).getName());
+        assertEquals("value2",config.getUserToRolesMappers().get(0).getProperties().get(0).getValue());
+    }
 }
\ No newline at end of file