tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets AuthServlet.java
Date Fri, 07 Apr 2000 22:59:04 GMT
craigmcc    00/04/07 15:59:03

  Modified:    src/examples/WEB-INF web.xml
               src/share/org/apache/tomcat/request SecurityCheck.java
               src/share/org/apache/tomcat/servlets AuthServlet.java
  Log:
  These changes implement our choice (as agreed on TOMCAT_DEV on April 7) to
  temporarily change the authentication method that Tomcat recognizes for
  form based login from FORM to EXPERIMENTAL_FORM.  This choice was made to
  make it easy to continue debugging and implementing this feature, but
  prevent users from assuming that it works correctly just because it partly
  works.
  
  To reverse this change later, just change EXPERIMENTAL_FORM back to FORM
  in the places listed.
  
  NOTE:  This change recognizes a non-standard value in the web.xml file,
  and is intended *only* to assist developers in debugging this feature.  It
  is not expected to be supported by 2.2-compliant servlet containers.
  
  Revision  Changes    Path
  1.9       +4 -2      jakarta-tomcat/src/examples/WEB-INF/web.xml
  
  Index: web.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/web.xml,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- web.xml	2000/04/06 17:49:22	1.8
  +++ web.xml	2000/04/07 22:59:00	1.9
  @@ -87,10 +87,12 @@
   
       <!-- If you want to experiment with form-based logins, comment
            out the <login-config> element above and replace it with
  -         this one.  -->
  +         this one.  Note that we are currently using a nonstandard
  +         authentication method, because the code to support form
  +         based login is incomplete and only lightly tested.  -->
       <!--
       <login-config>
  -      <auth-method>FORM</auth-method>
  +      <auth-method>EXPERIMENTAL_FORM</auth-method>
         <realm-name>Example Form-Based Authentication Area</realm-name>
         <form-login-config>
           <form-login-page>/jsp/security/login/login.jsp</form-login-page>
  
  
  
  1.14      +2 -2      jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java
  
  Index: SecurityCheck.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SecurityCheck.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- SecurityCheck.java	2000/04/06 17:49:22	1.13
  +++ SecurityCheck.java	2000/04/07 22:59:01	1.14
  @@ -98,7 +98,7 @@
   		}
   	}
   	
  -	if( "FORM".equals( ctx.getAuthMethod() )) {
  +	if( "EXPERIMENTAL_FORM".equals( ctx.getAuthMethod() )) {
   	    ServletWrapper jcheck=new ServletWrapper();
   	    jcheck.setContext( ctx );
   	    jcheck.setServletClass( "org.apache.tomcat.servlets.JSecurityCheck" );
  @@ -169,7 +169,7 @@
   	if( "CLIENT-CERT".equals( authMethod ) ) {
   
   	}
  -	if( "FORM".equals( authMethod ) ) {
  +	if( "EXPERIMENTAL_FORM".equals( authMethod ) ) {
   	    HttpSession session=req.getSession( false );
   	    if( session == null )
   		return 0; // not authenticated
  
  
  
  1.5       +1 -1      jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java
  
  Index: AuthServlet.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/servlets/AuthServlet.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- AuthServlet.java	2000/04/04 01:23:14	1.4
  +++ AuthServlet.java	2000/04/07 22:59:02	1.5
  @@ -81,7 +81,7 @@
   	Request req=((HttpServletRequestFacade)request).getRealRequest();
   	Context ctx=req.getContext();
   	String realm=ctx.getRealmName();
  -	if( "FORM".equals( ctx.getAuthMethod() )) {
  +	if( "EXPERIMENTAL_FORM".equals( ctx.getAuthMethod() )) {
   	    // the code is not uglier that the spec, we are just implementing it.
   	    // if you don't understand what's here - you're not alone !
   	    // ( it helps to  read the spec > 10 times !)
  
  
  

Mime
View raw message