tomcat-dev mailing list archives

From David Thexton <da...@consultants.co.nz>
Subject Broken req.getUserPrincipal().getName() with form based authentication?
Date Wed, 03 May 2000 10:45:27 GMT
When using form based authentication the user principal appears not to
be properly assigned.  As far as I can make out from the specs it
should be.

The work unencoding the response appears to have already been done in
the SecurityCheck class and so the easiest way would seem to be to
return that response.  The code currently repeats the section for basic
authentication from SecurityCheck only.

I may well be wrong...  Please let me know if I am.

And am I correct in assuming the form login error page doesn't work
yet?  If so, is it something likely to be easy to fix or will someone
else fix it soon :)

Regards,
David Thexton.

Index:
src/share/org/apache/tomcat/core/SimpleRequestSecurityProviderImpl.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat/src/share/org/apache/tomcat/core/SimpleRequestSecurityProviderImpl.java,v
retrieving revision 1.1
diff -r1.1 SimpleRequestSecurityProviderImpl.java
149,154c149
<         Principal principal = null;
<         String remoteUser = getUserName(req);
<         if (remoteUser != null) {
<             principal = new SimplePrincipal(remoteUser);
<         }
<         return principal;
---
>         return new SimplePrincipal(getUserName(req));
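Review bot: The replacement line `return new SimplePrincipal(getUserName(req));` drops the null check that the removed lines had, so when getUserName(req) returns null (no authenticated user) the method now returns a SimplePrincipal wrapping a null name instead of returning null. Callers that test getUserPrincipal() != null to decide whether a request is authenticated would then treat an anonymous request as authenticated, and getName() would hand them null. Suggest keeping the guard: assign getUserName(req) to a local, return null when it is null, and only then construct the SimplePrincipal.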
178,188c173
<         String userName =  null;
<         String authorization = req.getHeader("Authorization");
<         if (authorization != null && authorization.startsWith("Basic
")) {
<             authorization = authorization.substring(6).trim();
<             String unencoded = base64Decode(authorization);
<             int colon = unencoded.indexOf(':');
<             if (colon > 0) {
<                 userName = unencoded.substring(0, colon);
<             }
<         }
<         return userName;
---
>         return req.getRemoteUser();
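Review bot: With getUserName(req) reduced to `return req.getRemoteUser();`, this provider no longer derives the user itself and is correct only if the request's remote user has been set elsewhere (the message says SecurityCheck already does the decoding) before this method is called. Two things to confirm before merging: that req.getRemoteUser() does not delegate back to this provider's getUserName, which would recurse, and that the Basic path still populates the remote user now that the Authorization header parsing is removed here. A short comment naming the component that sets the remote user would make that dependency explicit.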
