tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cos...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets JSecurityCheck.java AuthServlet.java DefaultErrorPage.java
Date Thu, 17 Feb 2000 07:52:25 GMT
costin      00/02/16 23:52:24

  Modified:    src/examples/WEB-INF web.xml
               src/share/org/apache/tomcat/context DefaultCMSetter.java
                        LoadOnStartupInterceptor.java
               src/share/org/apache/tomcat/core ContextManager.java
                        HttpServletResponseFacade.java Request.java
                        RequestDispatcherImpl.java RequestImpl.java
                        ServletWrapper.java
               src/share/org/apache/tomcat/request SecurityCheck.java
               src/share/org/apache/tomcat/service
                        Ajp11ConnectionHandler.java
               src/share/org/apache/tomcat/service/connector
                        Ajp12ConnectionHandler.java
                        Ajp23ConnectionHandler.java
                        JNIConnectionHandler.java
               src/share/org/apache/tomcat/service/http
                        HttpConnectionHandler.java
               src/share/org/apache/tomcat/servlets AuthServlet.java
                        DefaultErrorPage.java
  Added:       src/examples/jsp/security login.jsp
               src/examples/jsp/security/protected index.jsp
               src/share/org/apache/tomcat/servlets JSecurityCheck.java
  Log:
  Ok, I hope this is the last "big" change for 3.1
  
  Error handling was broken ( i.e. error-page was not called for error codes,
  exceptions were handled at-hoc).
  
  Added a single method that handles that, in ContextManager, added code to
  redirect to error pages for special HTTP errors, try hard to avoid loops.
  
  We have a bit too much debugging on, but that's not a but and will be removed
  before 3.1 ( since we are bug-fixing we should keep it until everything
  works )
  
  Implemented form login, added an example. Now we should have BASIC and FORM
  working ( except that no auth repository is plugged in, any user/password will
  be accepted ). I'll add users.xml before 3.1 ( as a bug-fix, not a feature :-)
  
  Revision  Changes    Path
  1.3       +34 -0     jakarta-tomcat/src/examples/WEB-INF/web.xml
  
  Index: web.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/web.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- web.xml	1999/10/20 22:07:58	1.2
  +++ web.xml	2000/02/17 07:52:16	1.3
  @@ -64,4 +64,38 @@
              /WEB-INF/jsp/example-taglib.tld
           </taglib-location>
       </taglib>
  +
  +    <login-config>
  +      <auth-method>FORM</auth-method>
  +      <realm-name>examples</realm-name>
  +      <form-login-config><form-login-page>/jsp/security/login.jsp</form-login-page>
  +      </form-login-config>
  +    </login-config>
  +
  +    <security-constraint>
  +      <web-resource-collection>
  +         <web-resource-name>a</web-resource-name>
  +         <url-pattern>/jsp/security/protected/*</url-pattern>
  +         <url-pattern>/jsp/security/protected1/</url-pattern>
  +         <http-method>GET</http-method>
  +         <http-method>POST</http-method>
  +      </web-resource-collection>
  +
  +      <web-resource-collection>
  +         <web-resource-name>a</web-resource-name>
  +         <url-pattern>/foo2/*</url-pattern>
  +         <url-pattern>/bar2/*</url-pattern>
  +      </web-resource-collection>
  +
  +      <auth-constraint>
  +         <role-name>tomcat</role-name>
  +         <role-name>role1</role-name>
  +      </auth-constraint>
  +
  +      <!-- No https support, later
  +          user-data-constraint>
  +         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  +      </user-data-constraint -->
  +    </security-constraint>
  +
   </web-app>
  
  
  
  1.1                  jakarta-tomcat/src/examples/jsp/security/login.jsp
  
  Index: login.jsp
  ===================================================================
  <html>
  <body>
  <h1>Login page for examples</h1>
  
  <form method="POST" action="j_security_check" >
   <input type="text" name="j_username"> 
   <input type="password" name="j_password"> 
   
   <input type="submit" name="j_security_check">
  </form>
  
  </body>
  </html>
  
  
  
  1.1                  jakarta-tomcat/src/examples/jsp/security/protected/index.jsp
  
  Index: index.jsp
  ===================================================================
  <!doctype html public "-//w3c//dtd html 4.0 transitional//en">
  <html>
  <body>
  <h1>Great, you logged in </h1>
  </body>
  </html>
  
  
  
  1.16      +8 -2      jakarta-tomcat/src/share/org/apache/tomcat/context/DefaultCMSetter.java
  
  Index: DefaultCMSetter.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/context/DefaultCMSetter.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- DefaultCMSetter.java	2000/02/16 00:48:44	1.15
  +++ DefaultCMSetter.java	2000/02/17 07:52:18	1.16
  @@ -107,13 +107,19 @@
   	// Set default session manager if none set
   	if( ctx.getSessionManager() == null ) 
   	    ctx.setSessionManager(new org.apache.tomcat.session.StandardSessionManager());
  -
   	//  Alternative: org.apache.tomcat.session.ServerSessionManager.getManager();
  +
   	ServletWrapper authWrapper=new ServletWrapper();
   	authWrapper.setContext( ctx );
   	authWrapper.setServletClass( "org.apache.tomcat.servlets.AuthServlet" );
  -	authWrapper.setServletName( "authServlet");
  +	authWrapper.setServletName( "tomcat.authServlet");
   	ctx.addServlet( authWrapper );
  +
  +	ServletWrapper errorWrapper=new ServletWrapper();
  +	errorWrapper.setContext( ctx );
  +	errorWrapper.setServletClass( "org.apache.tomcat.servlets.DefaultErrorPage" );
  +	errorWrapper.setServletName( "tomcat.errorPage");
  +	ctx.addServlet( errorWrapper );
   
   	// XXX Loader properties - need to be set on loader!!
   	//ctx.setServletLoader( new org.apache.tomcat.loader.ServletClassLoaderImpl());
  
  
  
  1.9       +1 -0      jakarta-tomcat/src/share/org/apache/tomcat/context/LoadOnStartupInterceptor.java
  
  Index: LoadOnStartupInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/context/LoadOnStartupInterceptor.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- LoadOnStartupInterceptor.java	2000/02/14 04:59:38	1.8
  +++ LoadOnStartupInterceptor.java	2000/02/17 07:52:18	1.9
  @@ -159,6 +159,7 @@
   	String path=result.getPath();
   	RequestImpl request = new RequestImpl();
   	ResponseImpl response = new ResponseImpl();
  +	request.setContextManager( context.getContextManager());
   	request.recycle();
   	response.recycle();
   	
  
  
  
  1.47      +122 -48   jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
  
  Index: ContextManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
  retrieving revision 1.46
  retrieving revision 1.47
  diff -u -r1.46 -r1.47
  --- ContextManager.java	2000/02/16 17:13:22	1.46
  +++ ContextManager.java	2000/02/17 07:52:19	1.47
  @@ -66,6 +66,8 @@
   import org.apache.tomcat.request.*;
   import org.apache.tomcat.util.*;
   import org.apache.tomcat.logging.*;
  +import javax.servlet.*;
  +import javax.servlet.http.*;
   import java.io.*;
   import java.net.*;
   import java.util.*;
  @@ -479,71 +481,43 @@
       */
       public void service( Request rrequest, Response rresponse ) {
   	try {
  +	    rrequest.setContextManager( this );
   	    rrequest.setResponse(rresponse);
   	    rresponse.setRequest(rrequest);
   
  -	    // XXX
  -	    //    return if an error was detected in processing the
  -	    //    request line
  -	    if (rresponse.getStatus() >= 400) {
  -		rresponse.finish();
  -		rrequest.recycle();
  -		rresponse.recycle();
  -		return;
  -	    }
  -
  -	    // XXX Hardcoded - it will be changed in the next step.( costin )
  -	    processRequest( rrequest );
  +	    // wront request - parsing error
  +	    int status=rresponse.getStatus();
   
  -	    authenticate( rrequest, rresponse );
  -
  -	    int err=authorize( rrequest, rresponse );
  -	    if( err != 0 ) {
  -		// redirect to the right servlet 
  -		Context ctx=rrequest.getContext();
  -		String authMethod=ctx.getAuthMethod();
  -		ServletWrapper authWrapper=ctx.getServletByName( "authServlet" );
  -		rrequest.setWrapper( authWrapper );
  -		
  -		// unauthorized access, redirect to login page.
  -		// XXX authorize will set request
  -	    }
  -	    
  +	    if( status < 400 )
  +		status= processRequest( rrequest );
   	    
  -	    if( rrequest.getWrapper() == null ) {
  -		log("ERROR: mapper returned no wrapper ");
  -		log(rrequest.toString() );
  -		// XXX send an error - it shouldn't happen, mapper is broken
  +	    if(status==0)
  +		status=authenticate( rrequest, rresponse );
  +	    if(status == 0)
  +		status=authorize( rrequest, rresponse );
  +	    if( status == 0 ) {
  +		rrequest.getWrapper().handleRequest(rrequest,
  +						    rresponse);
   	    } else {
  -		// do it
  -		rrequest.getWrapper().handleRequest(rrequest.getFacade(),
  -						    rresponse.getFacade());
  +		// something went wrong
  +		handleError( rrequest, rresponse, null, status );
   	    }
   	    
  -	    // finish and clean up
   	    rresponse.finish();
  -	    
  -	} catch (Exception e) {
  -	    if(e instanceof IOException && "Broken pipe".equals(e.getMessage()) ) {
  -		log("Broken pipe " + rrequest.getRequestURI());
  -		return;
  -	    }
  -	    // XXX
  -	    // this isn't what we want, we want to log the problem somehow
  -	    log("HANDLER THREAD PROBLEM: " + e);
  -	    log("Request: " + rrequest);
  -	    e.printStackTrace();
  +	    rrequest.recycle();
  +	    rresponse.recycle();
  +	} catch (Throwable t) {
  +	    handleError( rrequest, rresponse, t, 0 );
   	}
  +	return;
       }
   
  -    // XXX need to be changed to use a full sub-request model (costin)
  -    
       /** Will find the ServletWrapper for a servlet, assuming we already have
        *  the Context. This is used by Dispatcher and getResource - where the Context
        *  is already known.
        */
       int processRequest( Request req ) {
  -
  +	req.setContextManager( this );
   	log("ProcessRequest: "+req.toString(), Logger.DEBUG);
   
   	for( int i=0; i< requestInterceptors.size(); i++ ) {
  @@ -580,6 +554,106 @@
   	    ((RequestInterceptor)requestInterceptors.elementAt(i)).beforeBody( req, res );
   	}
   	return 0;
  +    }
  +
  +    void handleError( Request req, Response res , Throwable t, int code ) {
  +	Context ctx = req.getContext();
  +	if(ctx==null) {
  +	    ///*DEBUG*/ try {throw new Exception(); } catch(Exception ex) {ex.printStackTrace();}
  +	    ctx=getContext("");
  +	}
  +
  +	if( code!=0) 
  +	    ctx.log("Status: " + code + " in " + req );
  +	if( t!=null) 
  +	    ctx.log("Exception: " + t.getMessage() + " in " + req );
  +	
  +	String path=null;
  +	ServletWrapper errorServlet=null;
  +
  +	// normal redirects or non-errors
  +	if( code!=0 && code < 400 ) {
  +	    errorServlet=ctx.getServletByName("tomcat.errorPage");
  +	} else if( req.getAttribute("javax.servlet.error.status_code") != null ||
  +	    req.getAttribute("javax.servlet.error.exception_type")!=null) {
  +	    
  +	    if( ctx.getDebug() > 0 ) ctx.log( "Error: exception inside exception servlet " +
  +					      req.getAttribute("javax.servlet.error.status_code") + " " +
  +					      req.getAttribute("javax.servlet.error.exception_type"));
  +	    errorServlet=ctx.getServletByName("tomcat.errorPage");
  +	}
  +
  +	if( t==null) {
  +	    if( code==0 )
  +		code=res.getStatus();
  +	    // we can't support error pages for non-errors, it's to
  +	    // complex and insane
  +	    if( code >= 400 )
  +		path = ctx.getErrorPage( code );
  +	    
  +	    if( code==HttpServletResponse.SC_UNAUTHORIZED ) {
  +		// set extra info for login page
  +		if( errorServlet==null)
  +		    errorServlet=ctx.getServletByName("tomcat.authServlet");
  +		if( ctx.getDebug() > 0 ) ctx.log( "Setting auth servlet " + errorServlet );
  +	    }
  +            req.setAttribute("javax.servlet.error.status_code",new Integer( code));
  +	} else {
  +	    // Scan the exception's inheritance tree looking for a rule
  +	    // that this type of exception should be forwarded
  +	    Class clazz = t.getClass();
  +	    while (path == null && clazz != null) {
  +		String name = clazz.getName();
  +		path = ctx.getErrorPage(name);
  +		clazz = clazz.getSuperclass();
  +	    }
  +	    req.setAttribute("javax.servlet.error.exception_type", t.getClass());
  +            req.setAttribute("javax.servlet.error.message", t.getMessage());
  +	    req.setAttribute("tomcat.servlet.error.throwable", t);
  +	}
  +
  +	// Save the original request, we want to report it
  +	// and we need to use it in the "authentication" case to implement
  +	// the strange requirements for login pages
  +	req.setAttribute("tomcat.servlet.error.request", req);
  +
  +
  +	// No error page or "Exception in exception handler", call internal servlet
  +	if( path==null && errorServlet==null)
  +	    errorServlet=ctx.getServletByName("tomcat.errorPage");
  +
  +	// Try a normal "error page"
  +	if( errorServlet==null && path != null ) {
  +	    try {
  +		RequestDispatcher rd = ctx.getRequestDispatcher(path);
  +		
  +		// try a forward
  +		res.reset();
  +		if (res.isStarted()) 
  +		    rd.include(req.getFacade(), res.getFacade());
  +		else
  +		    rd.forward(req.getFacade(), res.getFacade());
  +		return ;
  +	    } catch( Throwable t1 ) {
  +		// nothing - we'll call DefaultErrorPage
  +	    }
  +	}
  +	
  +	// If No handler or an error happened in handler 
  +	// Default handler
  +	// loop control
  +	if( req.getAttribute("tomcat.servlet.error.handler") != null &&
  +	    code >= 400 ) {
  +	    // error page for 404 doesn't exist... ( or watchdog tests :-)
  +	    ctx.log( "Error/loop in default error handler " + req );
  +	    ctx.log( "Error/loop " + code + " " + t + " " +  path );
  +	} else {
  +	    if( ctx.getDebug() > 0 ) ctx.log( "Error: Calling servlet " + errorServlet );
  +	    req.setAttribute("tomcat.servlet.error.handler", errorServlet);
  +	    errorServlet.handleRequest(req.getFacade(),res.getFacade());
  +	    // will call this if any error happens
  +	}
  +	return;
       }
       
       // -------------------- Sub-Request mechanism --------------------
  
  
  
  1.4       +5 -14     jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java
  
  Index: HttpServletResponseFacade.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- HttpServletResponseFacade.java	2000/02/01 21:39:38	1.3
  +++ HttpServletResponseFacade.java	2000/02/17 07:52:19	1.4
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.3 2000/02/01 21:39:38 costin Exp $
  - * $Revision: 1.3 $
  - * $Date: 2000/02/01 21:39:38 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/HttpServletResponseFacade.java,v 1.4 2000/02/17 07:52:19 costin Exp $
  + * $Revision: 1.4 $
  + * $Date: 2000/02/17 07:52:19 $
    *
    * ====================================================================
    *
  @@ -157,18 +157,9 @@
       public void sendError(int sc, String msg) throws IOException {
   	setStatus( sc );
   	Request request=response.getRequest();
  -	request.setAttribute("javax.servlet.error.status_code",
  -			     String.valueOf(sc));
   	request.setAttribute("javax.servlet.error.message", msg);
  -
  -	// XXX need to customize it
  -	Servlet errorP=new org.apache.tomcat.servlets.DefaultErrorPage();
  -	try {
  -	    errorP.service(request.getFacade(),this);
  -	} catch (ServletException ex ) {
  -	    // shouldn't happen!
  -	    ex.printStackTrace();
  -	}
  +	ContextManager cm=request.getContextManager();
  +	cm.handleError( request, response, null, sc );
       }
   
       public void sendRedirect(String location)
  
  
  
  1.29      +6 -0      jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java
  
  Index: Request.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- Request.java	2000/02/16 17:56:11	1.28
  +++ Request.java	2000/02/17 07:52:19	1.29
  @@ -241,6 +241,12 @@
        */
       public HttpServletRequestFacade getFacade() ;
   
  +    /** Pointer to the server engine - for errors, etc
  +     */
  +    public void setContextManager( ContextManager cm );
  +
  +    public ContextManager getContextManager();
  +    
       // -------------------- Internal/deprecated--------------------
       // Derived from parsing query string and body (for POST)
   
  
  
  
  1.18      +3 -3      jakarta-tomcat/src/share/org/apache/tomcat/core/RequestDispatcherImpl.java
  
  Index: RequestDispatcherImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestDispatcherImpl.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- RequestDispatcherImpl.java	2000/02/16 17:13:22	1.17
  +++ RequestDispatcherImpl.java	2000/02/17 07:52:19	1.18
  @@ -157,8 +157,8 @@
   
   	// CM should have set the wrapper - call it
   	// LOG	System.out.println("Forward " + realRequest.getServletPath());
  -	realRequest.getWrapper().handleRequest((HttpServletRequestFacade)request,
  -						   (HttpServletResponseFacade)response);
  +	realRequest.getWrapper().handleRequest(realRequest,
  +						realResponse);
       }
   
       public void include(ServletRequest request, ServletResponse response)
  @@ -253,7 +253,7 @@
    	// now it's really strange: we call the wrapper on the subrequest
   	// for the realRequest ( since the real request will still have the
   	// original handler/wrapper )
  -	subRequest.getWrapper().handleRequest(realRequest.getFacade() , (HttpServletResponseFacade)response);
  +	subRequest.getWrapper().handleRequest(realRequest , realResponse);
   
   	// After request, we want to restore the include attributes - for
   	// chained includes.
  
  
  
  1.19      +12 -3     jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java
  
  Index: RequestImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- RequestImpl.java	2000/02/16 00:30:29	1.18
  +++ RequestImpl.java	2000/02/17 07:52:19	1.19
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.18 2000/02/16 00:30:29 costin Exp $
  - * $Revision: 1.18 $
  - * $Date: 2000/02/16 00:30:29 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v 1.19 2000/02/17 07:52:19 costin Exp $
  + * $Revision: 1.19 $
  + * $Date: 2000/02/17 07:52:19 $
    *
    * ====================================================================
    *
  @@ -108,6 +108,7 @@
       protected Response response;
       protected HttpServletRequestFacade requestFacade;
       protected Context context;
  +    protected ContextManager contextM;
       protected Hashtable attributes = new Hashtable();
   
       protected boolean didReadFormData;
  @@ -342,6 +343,14 @@
       
       public void setContext(Context context) {
   	this.context = context;
  +    }
  +
  +    public void setContextManager( ContextManager cm ) {
  +	contextM=cm;
  +    }
  +
  +    public ContextManager getContextManager() {
  +	return contextM;
       }
   
       public Cookie[] getCookies() {
  
  
  
  1.29      +131 -262  jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java
  
  Index: ServletWrapper.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- ServletWrapper.java	2000/02/16 17:13:23	1.28
  +++ ServletWrapper.java	2000/02/17 07:52:20	1.29
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v 1.28 2000/02/16 17:13:23 costin Exp $
  - * $Revision: 1.28 $
  - * $Date: 2000/02/16 17:13:23 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServletWrapper.java,v 1.29 2000/02/17 07:52:20 costin Exp $
  + * $Revision: 1.29 $
  + * $Date: 2000/02/17 07:52:20 $
    *
    * ====================================================================
    *
  @@ -82,6 +82,7 @@
       protected StringManager sm = StringManager.getManager("org.apache.tomcat.core");
   
       protected Context context;
  +    protected ContextManager contextM;
   
       // servletName is stored in config!
       protected String servletClassName; // required
  @@ -95,6 +96,7 @@
       // optional informations
       protected String description = null;
   
  +    boolean initialized=false;
       // Usefull info for class reloading
       protected boolean isReloadable = false;
       // information + make sure destroy is called when no other servlet
  @@ -118,6 +120,7 @@
   
       public void setContext( Context context) {
           this.context = context;
  +	contextM=context.getContextManager();
   	config.setContext( context );
   	isReloadable=context.getReloadable();
       }
  @@ -206,16 +209,45 @@
       }
       
       void destroy() {
  +	initialized=false;
   	if (servlet != null) {
   	    synchronized (this) {
  -		waitForDestroy();
  +		// Fancy sync logic is to make sure that no threads are in the
  +		// handlerequest when this is called and, furthermore, that
  +		// no threads go through handle request after this method starts!
  +		// Wait until there are no outstanding service calls,
  +		// or until 30 seconds have passed (to avoid a hang)
  +		
  +		//XXX I don't think it works ( costin )
  +		while (serviceCount > 0) {
  +		    try {
  +			wait(30000);
  +			
  +			break;
  +		    } catch (InterruptedException e) { }
  +		}
  +
   		try {
  -		    handleDestroy( context, servlet );
  -		} catch(IOException ioe) {
  -		    ioe.printStackTrace();
  -		    // Should never come here...
  -		} catch(ServletException se) {
  -		    se.printStackTrace();
  +		    ContextInterceptor cI[]=context.getContextInterceptors();
  +		    for( int i=0; i<cI.length; i++ ) {
  +			try {
  +			    cI[i].preServletDestroy( context, this ); // ignore the error - like in the original code
  +			} catch( TomcatException ex) {
  +			    ex.printStackTrace();
  +			}
  +			
  +		    }
  +		    servlet.destroy();
  +		    for( int i=cI.length-1; i>=0; i-- ) {
  +			try {
  +			    cI[i].postServletDestroy( context, this ); // ignore the error - like in the original code
  +			} catch( TomcatException ex) {
  +			    ex.printStackTrace();
  +			}
  +			
  +		    }
  +		} catch(Exception ex) {
  +		    ex.printStackTrace();
   		    // Should never come here...
   		}
   	    }
  @@ -236,58 +268,52 @@
   	}
   	
   	servlet = (Servlet)servletClass.newInstance();
  -
  +	
   	config.setServletClassName(servlet.getClass().getName());
  +	initServlet();
  +    }
   
  +    
  +    void initServlet()
  +	throws ClassNotFoundException, InstantiationException,
  +	IllegalAccessException, ServletException
  +    {
   	try {
   	    final Servlet sinstance = servlet;
   	    final ServletConfigImpl servletConfig = config;
   	    
  -	    handleInit(context, servlet, servletConfig);
  -	} catch(IOException ioe) {
  -	    ioe.printStackTrace();
  -	    // Should never come here...
  -	}
  -    }
  -
  -    // XXX XXX need to go directly to Jsp API 
  -    void handleJspRequest(final HttpServletRequestFacade request,
  -			      final HttpServletResponseFacade response)
  -	throws IOException
  -    {
  -	// "Special" JSP
  -	String requestURI = path + request.getPathInfo();
  -	RequestDispatcher rd = request.getRequestDispatcher(requestURI);
  -	
  -	try {
  -	    if (! response.getRealResponse().isStarted())
  -		rd.forward(request, response);
  -	    else
  -		rd.include(request, response);
  +	    ContextInterceptor cI[]=context.getContextInterceptors();
  +	    for( int i=0; i<cI.length; i++ ) {
  +		try {
  +		    cI[i].preServletInit( context, this ); // ignore the error - like in the original code
  +		} catch( TomcatException ex) {
  +		    ex.printStackTrace();
  +		}
  +	    }
  +	    servlet.init(servletConfig);
  +	    // if an exception is thrown in init, no end interceptors will be called.
  +	    // that was in the origianl code
  +	    
  +	    for( int i=cI.length-1; i>=0; i-- ) {
  +		try {
  +		    cI[i].postServletInit( context, this ); // ignore the error - like in the original code
  +		} catch( TomcatException ex) {
  +		    ex.printStackTrace();
  +		}
   		
  -	} catch (ServletException se) {
  -	    se.printStackTrace();
  -	    response.sendError(404);
  -	} catch (IOException ioe) {
  +	    }
  +	    initialized=true;
  +	} catch(Exception ioe) {
   	    ioe.printStackTrace();
  -	    response.sendError(404);
  +	    // Should never come here...
   	}
  -	return;
       }
  -    
  -    public void handleRequest(final HttpServletRequestFacade request,
  -			      final HttpServletResponseFacade response)
  -	throws IOException
  -    {
  -	if( path != null ) handleJspRequest( request, response );
   
  -	Context context = getContext();
  -
  -	// Reloading
  -	// XXX ugly - should find a better way to deal with invoker
  -	// The problem is that we are just clearing up invoker, not
  -	// the class loaded by invoker.
  -
  +    // Reloading
  +    // XXX ugly - should find a better way to deal with invoker
  +    // The problem is that we are just clearing up invoker, not
  +    // the class loaded by invoker.
  +    void handleReload() {
   	// That will be reolved after we reset the context - and many
   	// other conflicts.
   	if( isReloadable && ! "invoker".equals( getServletName())) {
  @@ -295,6 +321,7 @@
   	    if( loader!=null) {
   		// XXX no need to check after we remove the old loader
   		if( loader.shouldReload() ) {
  +		    initialized=false;
   		    loader.reload();
   		    servlet=null;
   		    servletClass=null;
  @@ -312,232 +339,74 @@
   		}
   	    }
   	}
  -	
  -	
  -	if (servlet == null) {
  -	    synchronized (this) {
  -		try {
  -		    loadServlet();
  -		} catch (ClassNotFoundException e) {
  -		    response.sendError(404, "Class not found " + servletClassName);
  -		    return;
  -		} catch (Exception e) {
  -		    // Make sure the servlet will never
  -		    // service a request
  -		    servlet = null;
  -		    sendInternalServletError(e, request, response);
  -		    return;
  -		}
  -	    }
  -	}
  -
  -        try {
  -	    synchronized(this) {
  -		// logic for un-loading
  -		serviceCount++;
  -	    }
  -
  -	    
  -	    handleInvocation( context, servlet, request, response );
  -
  -	} catch (ServletException e) {
  -	    // XXX
  -	    // if it's an unvailable exception, we probably want
  -	    // to paint a different screen
  -            handleException(request, response, e);
  -        } catch (SocketException e) {
  -	    // replace with Log:
  -	    System.out.println("Socket Exception : " + e.getMessage());
  -        } catch (Throwable e) {
  -	    // XXX
  -	    // decide which exceptions we should not eat at this point
  -            handleException(request, response, e);
  -	} finally {
  -	    synchronized(this) {
  -		serviceCount--;
  -		notifyAll();
  -	    }
  -	}
       }
  -
  -    public void handleException(HttpServletRequestFacade request,
  -				HttpServletResponseFacade response,
  -				Throwable t)
  -    {
  -        Context context = request.getRealRequest().getContext();
  -        ServletContextFacade contextFacade = context.getFacade();
  -
  -        // Scan the exception's inheritance tree looking for a rule
  -        // that this type of exception should be forwarded
  -
  -        String path = null;
  -        Class clazz = t.getClass();
  -
  -        while (path == null && clazz != null) {
  -            String name = clazz.getName();
  -            path = context.getErrorPage(name);
  -            clazz = clazz.getSuperclass();
  -        }
  -	
  -        // If path is non-null, we should do a forward
  -        // Don't do a forward if exception_type is already defined though to
  -        // avoid an infinite loop.
  -
  -        if (path != null &&
  -	    request.getAttribute(
  -                Constants.ATTRIBUTE_ERROR_EXCEPTION_TYPE) == null) {
  -            RequestDispatcher rd = contextFacade.getRequestDispatcher(path);
  -
  -            // XXX 
  -            // The spec should really be changed to allow us to include
  -            // the full exception object.  Oh well.
  -
  -            request.setAttribute(Constants.ATTRIBUTE_ERROR_EXCEPTION_TYPE,
  -				 t.getClass().getName());
  -            request.setAttribute(Constants.ATTRIBUTE_ERROR_MESSAGE,
  -				 t.getMessage());
  -
  -            try {
  -		// A forward would be ideal, so reset and try it
  -
  -		response.getRealResponse().reset();
  -
  -		if (response.getRealResponse().isStarted()) 
  -		    rd.include(request, response);
  -		else
  -		    rd.forward(request, response);
  -            } catch (IOException e) {
  -		e.printStackTrace();
  -                // Shouldn't get here
  -            } catch (ServletException e) {
  -		e.printStackTrace();
  -                // Shouldn't get here
  -            }
  -        } else {
  -            try {
  -		sendInternalServletError( t, request, response);
  -	    } catch (IOException e) {
  -                e.printStackTrace();
  -		// ???
  -            }
  -        }
  -    }
  -
  -    void sendInternalServletError( Throwable t, HttpServletRequestFacade request,
  -				   HttpServletResponseFacade response )
  -	throws IOException
  -    {
  -	// Used to communicate with Default Error Page
  -		request.setAttribute("tomcat.error.throwable", t);
  -		// XXX need to make this configurable, any servlet
  -		// can act as the default error handler
  -
  -		// Need to do a normal servlet invocation!
  -		try {
  -		    Servlet errorP=new org.apache.tomcat.servlets.DefaultErrorPage();
  -		    errorP.service(request,response);
  -		} catch(Exception ex) {
  -		    System.out.println("FATAL: error in error handler");
  -		    ex.printStackTrace();
  -		}
  -    }
       
  -    /** Call the init method and all init interceptors
  -     */
  -    protected void handleInit(Context context, Servlet servlet, ServletConfig servletConfig )
  -	throws ServletException, IOException
  +    public void handleRequest(Request req, Response res)
       {
  -	ContextInterceptor cI[]=context.getContextInterceptors();
  -	for( int i=0; i<cI.length; i++ ) {
  -	    try {
  -		cI[i].preServletInit( context, this ); // ignore the error - like in the original code
  -	    } catch( TomcatException ex) {
  -		ex.printStackTrace();
  +	try {
  +	    if( path != null ) {
  +		// XXX call JspServlet directly, did anyone tested it ??
  +		String requestURI = path + req.getPathInfo();
  +		RequestDispatcher rd = req.getContext().getRequestDispatcher(requestURI);
  +		
  +		if (! res.isStarted())
  +		    rd.forward(req.getFacade(), res.getFacade());
  +		else
  +		    rd.include(req.getFacade(), res.getFacade());
  +		return;
   	    }
  -	}
  -	servlet.init(servletConfig);
  -	// if an exception is thrown in init, no end interceptors will be called.
  -	// that was in the origianl code
  +	    
  +	    handleReload();
   
  -	for( int i=cI.length-1; i>=0; i-- ) {
  -	    try {
  -		cI[i].postServletInit( context, this ); // ignore the error - like in the original code
  -	    } catch( TomcatException ex) {
  -		ex.printStackTrace();
  +	    if( ! initialized )
  +		loadServlet();
  +	    
  +	    // XXX to expensive  per/request, un-load is not so frequent and
  +	    // the API doesn't require a special state for destroy
  +	    // synchronized(this) {
  +	    // 		// logic for un-loading
  +	    // 		serviceCount++;
  +	    //
  +	    
  +	    RequestInterceptor cI[]=context.getRequestInterceptors();
  +	    for( int i=0; i<cI.length; i++ ) {
  +		cI[i].preService( req, res ); // ignore the error - like in the original code
   	    }
  -
  -	}
  -    }
  -
  -    /** Call destroy(), with all interceptors before and after in the
  -	right order;
  -    */
  -    protected void handleDestroy(Context context, Servlet servlet )
  -	throws ServletException, IOException
  -    {
  -	ContextInterceptor cI[]=context.getContextInterceptors();
  -	for( int i=0; i<cI.length; i++ ) {
  -	    try {
  -		cI[i].preServletDestroy( context, this ); // ignore the error - like in the original code
  -	    } catch( TomcatException ex) {
  -		ex.printStackTrace();
  +	    
  +	    if (servlet instanceof SingleThreadModel) {
  +		synchronized(servlet) {
  +		    servlet.service(req.getFacade(), res.getFacade());
  +		}
  +	    } else {
  +		servlet.service(req.getFacade(), res.getFacade());
   	    }
  -
  -	}
  -	servlet.destroy();
  -	for( int i=cI.length-1; i>=0; i-- ) {
  -	    try {
  -		cI[i].postServletDestroy( context, this ); // ignore the error - like in the original code
  -	    } catch( TomcatException ex) {
  -		ex.printStackTrace();
  +	    
  +	    for( int i=cI.length-1; i>=0; i-- ) {
  +		cI[i].postService( req , res ); // ignore the error - like in the original code
   	    }
  -
  +	    // 	} finally {
  +	    // 	    synchronized(this) {
  +	    // 		serviceCount--;
  +	    // 		notifyAll();
  +	    // 	    }
  +	    // 	}
  +	} catch( Throwable t ) {
  +	    contextM.handleError( req, res, t, 0 );
   	}
       }
  -    
   
  -    /** Call service(), with all interceptors before and after in the
  -	right order;
  -    */
  -    protected void handleInvocation(Context ctx, Servlet servlet,
  -				  HttpServletRequestFacade request, HttpServletResponseFacade response )
  -	throws ServletException, IOException
  +    /** @deprecated
  +     */
  +    public void handleRequest(final HttpServletRequestFacade request,
  +			      final HttpServletResponseFacade response)
       {
  -	RequestInterceptor cI[]=context.getRequestInterceptors();
  -	for( int i=0; i<cI.length; i++ ) {
  -	    cI[i].preService( request.getRealRequest(), response.getRealResponse() ); // ignore the error - like in the original code
  -	}
  -	
  -	if (servlet instanceof SingleThreadModel) {
  -	    synchronized(servlet) {
  -		servlet.service(request, response);
  -	    }
  -	} else {
  -	    servlet.service(request, response);
  -	}
  -
  -	for( int i=cI.length-1; i>=0; i-- ) {
  -	    cI[i].postService( request.getRealRequest() , response.getRealResponse() ); // ignore the error - like in the original code
  -	}
  -    }
  +	Request rrequest=request.getRealRequest();
  +	Response rresponse=rrequest.getResponse();
   
  -    // Fancy sync logic is to make sure that no threads are in the
  -    // handlerequest when this is called and, furthermore, that
  -    // no threads go through handle request after this method starts!
  -    protected void waitForDestroy() {
  -	// Wait until there are no outstanding service calls,
  -	// or until 30 seconds have passed (to avoid a hang)
  -	
  -	// XXX wrong logic !
  -	while (serviceCount > 0) {
  -	    try {
  -		wait(30000);
  -		
  -		break;
  -	    } catch (InterruptedException e) { }
  -	}
  +	handleRequest( rrequest, rresponse );
       }
   
  +    
       public String toString() {
   	String toS="Wrapper(" + config.getServletName() + " ";
   	if( servlet!=null ) toS=toS+ "S:" + servlet.getClass().getName();
  
  
  
  1.4       +38 -7     jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java
  
  Index: SecurityCheck.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SecurityCheck.java	2000/02/16 00:48:45	1.3
  +++ SecurityCheck.java	2000/02/17 07:52:21	1.4
  @@ -81,12 +81,43 @@
       public SecurityCheck() {
       }
   	
  +    public void contextInit( Context ctx)
  +	throws TomcatException
  +    {
  +	if( "FORM".equals( ctx.getAuthMethod() )) {
  +	    ServletWrapper jcheck=new ServletWrapper();
  +	    jcheck.setContext( ctx );
  +	    jcheck.setServletClass( "org.apache.tomcat.servlets.JSecurityCheck" );
  +	    jcheck.setServletName( "tomcat.jcheck");
  +	    ctx.addServlet( jcheck );
  +	    
  +	    // If you understand the spec you'll understand the code.
  +	    // I don't understand the spec enough, so I can't comment the code 
  +
  +	    String form=ctx.getFormLoginPage();
  +	    ctx.log( "Adding form login " + form );
  +	    if( form!= null ) {
  +		int lastS=form.lastIndexOf( "/" );
  +		if( lastS<=0 ) {
  +		    ctx.addServletMapping( "/j_security_check", "tomcat.jcheck" );
  +		    ctx.log( "Map  /j_security_check to tomcat.jcheck" );
  +		}  else {
  +		    String dir=form.substring( 0, lastS);
  +		    ctx.addServletMapping( dir + "/j_security_check", "tomcat.jcheck");
  +		    ctx.log( "Map " + dir + "/j_security_check to tomcat.jcheck");
  +		}
  +	    }
  +	}
  +    }
  +	    
  +
       public int authenticate( Request req, Response response )
       {
   	Context ctx=req.getContext();
   	if( req.getRemoteUser() != null) return 0; // already authenticated
   
   	String authMethod=ctx.getAuthMethod();
  +	//	if( ctx.getDebug() > 0 ) ctx.log( "Auth: " + authMethod );
   	if( authMethod==null || "BASIC".equals(authMethod) ) {
   	    String authorization = req.getHeader("Authorization");
   	    // XXX we may have multiple headers ?
  @@ -101,7 +132,7 @@
   		String password = unencoded.substring(colon + 1);
   		if( checkPassword( username, password ) ) {
   		    req.setRemoteUser( username );
  -		    if( ctx.getDebug() > 0 ) ctx.log( "BASEIC Auth:  " + username );
  +		    if( ctx.getDebug() > 0 ) ctx.log( "BASIC Auth:  " + username );
   		} else {
   		    // wrong password
   		    errorPage( req, response );
  @@ -120,16 +151,16 @@
   	    HttpSession session=req.getSession( false );
   	    if( session == null )
   		return 0; // not authenticated
  -	    String username=(String)session.getAttribute( "j_username" );
  -	    String password=(String)session.getAttribute( "j_password" );
  +	    String username=(String)session.getAttribute("j_username");
  +	    String password=(String)session.getAttribute("j_password");
  +	    
  +	    if( ctx.getDebug() > 0 ) ctx.log( "Form Auth:  " + username + " " + password);
   	    if( checkPassword( username, password ) ) {
   		req.setRemoteUser( username );
  -		if( ctx.getDebug() > 0 ) ctx.log( "Form Auth:  " + username );
   	    } else {
  -		// wrong password and user
  +		// wrong password
   		errorPage( req, response );
   	    }
  -	    if( ctx.getDebug() > 0 ) ctx.log( "FORM auth " + username + " " + password );
   	}
   
   	return 0;
  @@ -160,7 +191,7 @@
   	    }
   	}
   
  -	if( ctx.getDebug() > 0 ) ctx.log( "Unauthorized " );
  +	if( ctx.getDebug() > 0 ) ctx.log( "Unauthorized " + user);
    	return HttpServletResponse.SC_UNAUTHORIZED;
   	// XXX check transport
       }
  
  
  
  1.16      +4 -3      jakarta-tomcat/src/share/org/apache/tomcat/service/Ajp11ConnectionHandler.java
  
  Index: Ajp11ConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Ajp11ConnectionHandler.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- Ajp11ConnectionHandler.java	2000/02/11 02:21:48	1.15
  +++ Ajp11ConnectionHandler.java	2000/02/17 07:52:21	1.16
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Ajp11ConnectionHandler.java,v 1.15 2000/02/11 02:21:48 costin Exp $
  - * $Revision: 1.15 $
  - * $Date: 2000/02/11 02:21:48 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/Ajp11ConnectionHandler.java,v 1.16 2000/02/17 07:52:21 costin Exp $
  + * $Revision: 1.16 $
  + * $Date: 2000/02/17 07:52:21 $
    *
    * ====================================================================
    *
  @@ -111,6 +111,7 @@
   	    //	    RequestImpl request=new RequestImpl();
   	    
   	    AJPRequestAdapter reqA = new AJPRequestAdapter(socket); // todo: clean ConnectionHandler, make it abstract
  +	    reqA.setContextManager( contextM );
   	    //request.setRequestAdapter( reqA );
   	    
   	    Ajp11ResponseAdapter resA=new Ajp11ResponseAdapter();
  
  
  
  1.14      +1 -0      jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp12ConnectionHandler.java
  
  Index: Ajp12ConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp12ConnectionHandler.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- Ajp12ConnectionHandler.java	2000/02/11 02:21:48	1.13
  +++ Ajp12ConnectionHandler.java	2000/02/17 07:52:22	1.14
  @@ -110,6 +110,7 @@
   
   	    //	    RequestImpl request = new RequestImpl();
   	    AJP12RequestAdapter reqA = new AJP12RequestAdapter(contextM, socket);
  +	    reqA.setContextManager( contextM );
   	    //	    ResponseImpl response=new ResponseImpl();
   	    AJP12ResponseAdapter resA=new AJP12ResponseAdapter();
   
  
  
  
  1.7       +4 -3      jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp23ConnectionHandler.java
  
  Index: Ajp23ConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp23ConnectionHandler.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- Ajp23ConnectionHandler.java	2000/01/15 23:30:24	1.6
  +++ Ajp23ConnectionHandler.java	2000/02/17 07:52:22	1.7
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp23ConnectionHandler.java,v 1.6 2000/01/15 23:30:24 costin Exp $
  - * $Revision: 1.6 $
  - * $Date: 2000/01/15 23:30:24 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/Ajp23ConnectionHandler.java,v 1.7 2000/02/17 07:52:22 costin Exp $
  + * $Revision: 1.7 $
  + * $Date: 2000/02/17 07:52:22 $
    *
    * ====================================================================
    *
  @@ -108,6 +108,7 @@
   	    ConnectorResponse rresponse=new ConnectorResponse(con);
   	    //	    RequestImpl  rrequest=new RequestImpl();
   	    ConnectorRequest  reqA=new ConnectorRequest(con);
  +	    reqA.setContextManager( contextM );
   	    //rrequest.setRequestAdapter( reqA ); 
   
   	    boolean moreRequests=true;
  
  
  
  1.2       +4 -3      jakarta-tomcat/src/share/org/apache/tomcat/service/connector/JNIConnectionHandler.java
  
  Index: JNIConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/JNIConnectionHandler.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- JNIConnectionHandler.java	2000/02/09 12:00:53	1.1
  +++ JNIConnectionHandler.java	2000/02/17 07:52:22	1.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/JNIConnectionHandler.java,v 1.1 2000/02/09 12:00:53 rubys Exp $
  - * $Revision: 1.1 $
  - * $Date: 2000/02/09 12:00:53 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/connector/JNIConnectionHandler.java,v 1.2 2000/02/17 07:52:22 costin Exp $
  + * $Revision: 1.2 $
  + * $Date: 2000/02/17 07:52:22 $
    *
    * ====================================================================
    *
  @@ -100,6 +100,7 @@
   
           try {
       	    JNIRequestAdapter reqA = new JNIRequestAdapter(contextM, this);
  +	    reqA.setContextManager( contextM );
       	    JNIResponseAdapter resA =new JNIResponseAdapter(this);
   
       	    reqA.setResponse(resA);
  
  
  
  1.12      +4 -3      jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java
  
  Index: HttpConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- HttpConnectionHandler.java	2000/01/15 23:30:26	1.11
  +++ HttpConnectionHandler.java	2000/02/17 07:52:23	1.12
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v 1.11 2000/01/15 23:30:26 costin Exp $
  - * $Revision: 1.11 $
  - * $Date: 2000/01/15 23:30:26 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v 1.12 2000/02/17 07:52:23 costin Exp $
  + * $Revision: 1.12 $
  + * $Date: 2000/02/17 07:52:23 $
    *
    * ====================================================================
    *
  @@ -110,6 +110,7 @@
   	    OutputStream out=socket.getOutputStream();
   	    //	    RequestImpl request=new RequestImpl();
   	    HttpRequestAdapter reqA=new HttpRequestAdapter();
  +	    reqA.setContextManager( contextM );
   	    //	    ResponseImpl response=new ResponseImpl();
   	    HttpResponseAdapter resA=new HttpResponseAdapter();
   	    
  
  
  
  1.2       +29 -1     jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java
  
  Index: AuthServlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- AuthServlet.java	2000/02/16 00:30:30	1.1
  +++ AuthServlet.java	2000/02/17 07:52:24	1.2
  @@ -79,10 +79,38 @@
   	throws ServletException, IOException
       {
   	Request req=((HttpServletRequestFacade)request).getRealRequest();
  +	Context ctx=req.getContext();
  +	String realm=ctx.getRealmName();
  +	if( "FORM".equals( ctx.getAuthMethod() )) {
  +	    // the code is not uglier that the spec, we are just implementing it.
  +	    // if you don't understand what's here - you're not alone !
  +	    // ( it helps to  read the spec > 10 times !)
   
  -	String realm=req.getContext().getRealmName();
  +	    String page=ctx.getFormLoginPage();
  +	    if(page!=null) {
  +		HttpSession session=request.getSession( true );
  +		// Because of _stupid_ "j_security_check" we have
  +		// to start the session ( since login page migh not do it ),
  +		// then save the current page ( since we'll have to return here
  +		// and the obvious  solution is too ... simple, and we need to
  +		// do something realy complex ).
  +
  +		// We can't forward to the page - because we set some headers in getSession
  +		// 		RequestDispatcher rd= ctx.getRequestDispatcher( page );
  +		// 		rd.include( request, response );
  +
  +		session.setAttribute( "tomcat.auth.originalLocation", req.getRequestURI());
  +		ctx.log("Setting orig location " + req.getRequestURI());
  +		if( ! page.startsWith("/")) page="/" + page;
  +		response.sendRedirect( ctx.getPath() + page );
  +		return; 
  +	    }
  +	}
  +
  +	// Default is BASIC
   	if(realm==null) realm="default";
   	response.setHeader( "WWW-Authenticate", "Basic \"" + realm + "\"");
   	response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       }
  +
   }
  
  
  
  1.4       +1 -1      jakarta-tomcat/src/share/org/apache/tomcat/servlets/DefaultErrorPage.java
  
  Index: DefaultErrorPage.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/servlets/DefaultErrorPage.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- DefaultErrorPage.java	2000/02/16 17:13:25	1.3
  +++ DefaultErrorPage.java	2000/02/17 07:52:24	1.4
  @@ -92,7 +92,7 @@
   	int status=response.getStatus();
   	String msg=(String)request.getAttribute("javax.servlet.error.message");
   
  -	Throwable e= (Throwable)request.getAttribute("tomcat.error.throwable");
  +	Throwable e= (Throwable)request.getAttribute("tomcat.servlet.error.throwable");
   	if( e!=null ) {
   	    sendError(request, response, 500, exceptionString( e ));
   	    return;
  
  
  
  1.1                  jakarta-tomcat/src/share/org/apache/tomcat/servlets/JSecurityCheck.java
  
  Index: JSecurityCheck.java
  ===================================================================
  /*
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:  
   *       "This product includes software developed by the 
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */ 
  
  
  package org.apache.tomcat.servlets;
  
  import org.apache.tomcat.util.*;
  import org.apache.tomcat.core.*;
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  
  
  /**
   * Will authenticate the request for non-form auth
   * ( sort of "default form auth" );
   *
   */
  public class JSecurityCheck extends HttpServlet {
      
      public void service(HttpServletRequest request,
  			HttpServletResponse response)
  	throws ServletException, IOException
      {
  	Request req=((HttpServletRequestFacade)request).getRealRequest();
  	Context ctx=req.getContext();
  	ctx.log( "In JSecurityCheck");
  	HttpSession session=req.getSession( false );
  	if( session == null ) {
  	    ctx.log("TRY TO AUTHENTICATE WITHOUT A SESSION " + req);
  	    return;
  	}
  	String username=req.getFacade().getParameter( "j_username" );
  	String password=req.getFacade().getParameter( "j_password" );
  	if( ctx.getDebug() > 0 ) ctx.log( "FORM auth " + username + " " + password );
  
  	session.setAttribute( "j_username", username );
  	session.setAttribute( "j_password", password );
  
  	String origLocation=(String)session.getAttribute( "tomcat.auth.originalLocation");
  	ctx.log("Back to orig location " + origLocation);
  	response.sendRedirect( origLocation );
      }
  
  }
  
  
  

Mime
View raw message