tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request SecurityCheck.java
Date Thu, 06 Apr 2000 06:00:45 GMT
craigmcc    00/04/05 23:00:45

  Modified:    src/share/org/apache/tomcat/core RequestImpl.java
               src/share/org/apache/tomcat/request SecurityCheck.java
  Log:
  Corrections and validations for BASIC authentication support:
  - Properly parse comma-delimited role names in conf/tomcat-users.conf.
  - Properly authenticate on every request (just because the browser
    sends an Authentication header doesn't mean we should trust it).
  - Validate correct user + correct password + correct role grants access.
  - Validate correct user + incorrect password denies access.
  - Validate correct user + correct password + incorrect role denies access.
  
  Please help me pound on this code to make sure it works before final
  release of Tomcat 3.1!
  
  Revision  Changes    Path
  1.26      +4 -17     jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java
  
  Index: RequestImpl.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- RequestImpl.java	2000/03/31 18:22:34	1.25
  +++ RequestImpl.java	2000/04/06 06:00:44	1.26
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
1.25 2000/03/31 18:22:34 craigmcc Exp $
  - * $Revision: 1.25 $
  - * $Date: 2000/03/31 18:22:34 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/RequestImpl.java,v
1.26 2000/04/06 06:00:44 craigmcc Exp $
  + * $Revision: 1.26 $
  + * $Date: 2000/04/06 06:00:44 $
    *
    * ====================================================================
    *
  @@ -285,20 +285,7 @@
       }
   
       public String getRemoteUser() {
  -	if( remoteUser!=null)
  -	    return remoteUser;
  -
  -	// Using the Servlet 2.2 semantics ...
  -	//  return request.getRemoteUser();
  -	java.security.Principal p = getUserPrincipal();
  -
  -	if (p != null) {
  -	    return p.getName();
  -	}
  -
  -	return null;
  -
  -        //return remoteUser;
  +	return remoteUser;
       }
   
       public boolean isSecure() {
  
  
  
  1.12      +9 -2      jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java
  
  Index: SecurityCheck.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- SecurityCheck.java	2000/03/31 15:50:10	1.11
  +++ SecurityCheck.java	2000/04/06 06:00:45	1.12
  @@ -135,7 +135,7 @@
   	    	new SimpleRequestSecurityProviderImpl(roles);
   	    ctx.setRequestSecurityProvider(rsp);
   	}
  -	
  +
   	if( req.getRemoteUser() != null) return 0; // already authenticated
   
   	String authMethod=ctx.getAuthMethod();
  @@ -315,7 +315,14 @@
       public void addUser(String name, String pass, String groups ) {
   	if( debug > 0 )  ctx.log( "Add user " + name + " " + pass + " " + groups );
   	passwords.put( name, pass );
  -	addRole( groups, name );
  +	groups += ",";
  +	while (true) {
  +	    int comma = groups.indexOf(",");
  +	    if (comma < 0)
  +		break;
  +	    addRole( groups.substring(0, comma).trim(), name);
  +	    groups = groups.substring(comma + 1);
  +	}
       }
   
       public void addRole( String role, String user ) {
  
  
  

Mime
View raw message