From craig...@locus.apache.org
Subject cvs commit: jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup Authenticators.properties ContextConfig.java
Date Sat, 08 Jul 2000 02:53:34 GMT
craigmcc    00/07/07 19:53:34

  Modified:    proposals/catalina/src/share/org/apache/tomcat
                        HttpRequest.java
               proposals/catalina/src/share/org/apache/tomcat/connector
                        HttpRequestBase.java
               proposals/catalina/src/share/org/apache/tomcat/security
                        Constants.java HttpBasicValve.java
                        HttpDigestValve.java HttpSecurityBase.java
               proposals/catalina/src/share/org/apache/tomcat/startup
                        Authenticators.properties ContextConfig.java
  Added:       proposals/catalina/src/share/org/apache/tomcat/security
                        HttpFormValve.java SavedRequest.java
  Log:
  Initial version of form-based login support for Catalina.  This
  implementation saves the state of the original request in the user's
  session (which is created if necessary), while the login negotiation
  proceeds.  Once authenticated, the user's login stays valid for the
  lifetime of the session (so an application can log a user off, which is
  not possible with BASIC authentication).
  
  FIXME - The saved version of the original request does not currently save
  the original request data, so this implementation will fail if the first
  request that triggers form based login is a POST.  However, it does save
  all of the cookies, headers, locales, and other key values in order to
  reproduce the original request as faithfully as possible.
  
  Revision  Changes    Path
  1.4       +22 -4     jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/HttpRequest.java
  
  Index: HttpRequest.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/HttpRequest.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- HttpRequest.java	2000/05/01 01:53:53	1.3
  +++ HttpRequest.java	2000/07/08 02:53:32	1.4
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/HttpRequest.java,v
1.3 2000/05/01 01:53:53 craigmcc Exp $
  - * $Revision: 1.3 $
  - * $Date: 2000/05/01 01:53:53 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/HttpRequest.java,v
1.4 2000/07/08 02:53:32 craigmcc Exp $
  + * $Revision: 1.4 $
  + * $Date: 2000/07/08 02:53:32 $
    *
    * ====================================================================
    *
  @@ -76,7 +76,7 @@
    * produce the corresponding <code>HttpResponse</code>.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.3 $ $Date: 2000/05/01 01:53:53 $
  + * @version $Revision: 1.4 $ $Date: 2000/07/08 02:53:32 $
    */
   
   public interface HttpRequest extends Request {
  @@ -109,6 +109,24 @@
        * @param locale The new preferred Locale
        */
       public void addLocale(Locale locale);
  +
  +
  +    /**
  +     * Clear the collection of Cookies associated with this Request.
  +     */
  +    public void clearCookies();
  +
  +
  +    /**
  +     * Clear the collection of Headers associated with this Request.
  +     */
  +    public void clearHeaders();
  +
  +
  +    /**
  +     * Clear the collection of Locales associated with this Request.
  +     */
  +    public void clearLocales();
   
   
       /**
  
  
  
  1.12      +34 -4     jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/connector/HttpRequestBase.java
  
  Index: HttpRequestBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/connector/HttpRequestBase.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- HttpRequestBase.java	2000/06/22 00:19:02	1.11
  +++ HttpRequestBase.java	2000/07/08 02:53:32	1.12
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/connector/HttpRequestBase.java,v
1.11 2000/06/22 00:19:02 craigmcc Exp $
  - * $Revision: 1.11 $
  - * $Date: 2000/06/22 00:19:02 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/connector/HttpRequestBase.java,v
1.12 2000/07/08 02:53:32 craigmcc Exp $
  + * $Revision: 1.12 $
  + * $Date: 2000/07/08 02:53:32 $
    *
    * ====================================================================
    *
  @@ -93,7 +93,7 @@
    * be implemented.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.11 $ $Date: 2000/06/22 00:19:02 $
  + * @version $Revision: 1.12 $ $Date: 2000/07/08 02:53:32 $
    */
   
   public class HttpRequestBase
  @@ -271,6 +271,36 @@
   	    headers.put(name, values);
   	}
   	values.addElement(value);
  +
  +    }
  +
  +
  +    /**
  +     * Clear the collection of Cookies associated with this Request.
  +     */
  +    public void clearCookies() {
  +
  +	cookies.removeAllElements();
  +
  +    }
  +
  +
  +    /**
  +     * Clear the collection of Headers associated with this Request.
  +     */
  +    public void clearHeaders() {
  +
  +	headers.clear();
  +
  +    }
  +
  +
  +    /**
  +     * Clear the collection of Locales associated with this Request.
  +     */
  +    public void clearLocales() {
  +
  +	locales.removeAllElements();
   
       }
   
  
  
  
  1.3       +9 -3      jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/Constants.java
  
  Index: Constants.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/Constants.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- Constants.java	2000/02/13 01:43:47	1.2
  +++ Constants.java	2000/07/08 02:53:33	1.3
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/Constants.java,v
1.2 2000/02/13 01:43:47 craigmcc Exp $
  - * $Revision: 1.2 $
  - * $Date: 2000/02/13 01:43:47 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/Constants.java,v
1.3 2000/07/08 02:53:33 craigmcc Exp $
  + * $Revision: 1.3 $
  + * $Date: 2000/07/08 02:53:33 $
    *
    * ====================================================================
    *
  @@ -79,6 +79,12 @@
       public static final String NONE_TRANSPORT = "NONE";
       public static final String INTEGRAL_TRANSPORT = "INTEGRAL";
       public static final String CONFIDENTIAL_TRANSPORT = "CONFIDENTIAL";
  +
  +    // Form based authentication constants
  +    public static final String FORM_ACTION = "/j_security_check";
  +    public static final String FORM_KEY = "org.apache.tomcat.security.REQUEST";
  +    public static final String FORM_PASSWORD = "j_password";
  +    public static final String FORM_USERNAME = "j_username";
   
   }
   
  
  
  
  1.6       +7 -7      jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpBasicValve.java
  
  Index: HttpBasicValve.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpBasicValve.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- HttpBasicValve.java	2000/06/22 03:00:37	1.5
  +++ HttpBasicValve.java	2000/07/08 02:53:33	1.6
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpBasicValve.java,v
1.5 2000/06/22 03:00:37 craigmcc Exp $
  - * $Revision: 1.5 $
  - * $Date: 2000/06/22 03:00:37 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpBasicValve.java,v
1.6 2000/07/08 02:53:33 craigmcc Exp $
  + * $Revision: 1.6 $
  + * $Date: 2000/07/08 02:53:33 $
    *
    * ====================================================================
    *
  @@ -84,7 +84,7 @@
    * and Digest Access Authentication."
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.5 $ $Date: 2000/06/22 03:00:37 $
  + * @version $Revision: 1.6 $ $Date: 2000/07/08 02:53:33 $
    */
   
   public final class HttpBasicValve
  @@ -104,7 +104,7 @@
        * Descriptive information about this implementation.
        */
       private static final String info =
  -	"org.apache.tomcat.security.HttpSecurityValve/1.0";
  +	"org.apache.tomcat.security.HttpBasicValve/1.0";
   
   
       // ------------------------------------------------------------- Properties
  @@ -154,7 +154,7 @@
   	if (session != null) {
   	    principal = session.getPrincipal();
   	    if (principal != null) {
  -	        request.setAuthType("BASIC");
  +	        request.setAuthType(Constants.BASIC_METHOD);
   		request.setUserPrincipal(principal);
   		return (true);
   	    }
  @@ -169,7 +169,7 @@
   	if (authorization != null) {
   	    principal = findPrincipal(authorization, context.getRealm());
   	    if (principal != null) {
  -	        request.setAuthType("BASIC");
  +	        request.setAuthType(Constants.BASIC_METHOD);
   		request.setUserPrincipal(principal);
   		if (cache && (session != null))
   		    session.setPrincipal(principal);
  
  
  
  1.3       +6 -6      jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpDigestValve.java
  
  Index: HttpDigestValve.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpDigestValve.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- HttpDigestValve.java	2000/06/22 03:00:37	1.2
  +++ HttpDigestValve.java	2000/07/08 02:53:33	1.3
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpDigestValve.java,v
1.2 2000/06/22 03:00:37 craigmcc Exp $
  - * $Revision: 1.2 $
  - * $Date: 2000/06/22 03:00:37 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpDigestValve.java,v
1.3 2000/07/08 02:53:33 craigmcc Exp $
  + * $Revision: 1.3 $
  + * $Date: 2000/07/08 02:53:33 $
    *
    * ====================================================================
    *
  @@ -88,7 +88,7 @@
    * 
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.2 $ $Date: 2000/06/22 03:00:37 $
  + * @version $Revision: 1.3 $ $Date: 2000/07/08 02:53:33 $
    */
   
   public final class HttpDigestValve
  @@ -228,7 +228,7 @@
   	if (session != null) {
   	    principal = session.getPrincipal();
   	    if (principal != null) {
  -	        request.setAuthType("DIGEST");
  +	        request.setAuthType(Constants.DIGEST_METHOD);
   		request.setUserPrincipal(principal);
   		return (true);
   	    }
  @@ -243,7 +243,7 @@
   	if (authorization != null) {
   	    principal = findPrincipal(hreq, authorization, context.getRealm());
   	    if (principal != null) {
  -	        request.setAuthType("DIGEST");
  +	        request.setAuthType(Constants.DIGEST_METHOD);
   		request.setUserPrincipal(principal);
   		if (cache && (session != null))
   		    session.setPrincipal(principal);
  
  
  
  1.3       +56 -9     jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpSecurityBase.java
  
  Index: HttpSecurityBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpSecurityBase.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- HttpSecurityBase.java	2000/06/22 03:00:38	1.2
  +++ HttpSecurityBase.java	2000/07/08 02:53:33	1.3
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpSecurityBase.java,v
1.2 2000/06/22 03:00:38 craigmcc Exp $
  - * $Revision: 1.2 $
  - * $Date: 2000/06/22 03:00:38 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpSecurityBase.java,v
1.3 2000/07/08 02:53:33 craigmcc Exp $
  + * $Revision: 1.3 $
  + * $Date: 2000/07/08 02:53:33 $
    *
    * ====================================================================
    *
  @@ -113,7 +113,7 @@
    * requests.  Requests of any other type will simply be passed through.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.2 $ $Date: 2000/06/22 03:00:38 $
  + * @version $Revision: 1.3 $ $Date: 2000/07/08 02:53:33 $
    */
   
   
  @@ -287,16 +287,18 @@
   	    log("Security checking request " +
   		((HttpServletRequest) request.getRequest()).getMethod() + " " +
   		((HttpServletRequest) request.getRequest()).getRequestURI());
  +	LoginConfig config = context.getLoginConfig();
   
   	// Is this request URI subject to a security constraint?
   	SecurityConstraint constraint = findConstraint(hrequest);
  -	if (constraint == null) {
  +	if ((constraint == null) &&
  +	    (!Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
   	    if (debug >= 1)
   	        log("  Not subject to any constraint");
   	    invokeNext(request, response);
   	    return;
   	}
  -	if (debug >= 1)
  +	if ((debug >= 1) && (constraint != null))
   	    log(" Subject to constraint " + constraint);
   
   	// Enforce any user data constraint for this security constraint
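Review bot: The new condition `(!Constants.FORM_METHOD.equals(config.getAuthMethod()))` dereferences `config` for every request that matches no constraint, and `config` comes straight from the new `LoginConfig config = context.getLoginConfig();` line with no null check, while the later hunk in this same file guards the identical call with `(config != null) &&`. If `getLoginConfig()` can return null for a web application without a `<login-config>` (the later hunk assumes it can), every unconstrained request would end in a NullPointerException instead of being passed through. Make the two places consistent: `if ((constraint == null) && ((config == null) || !Constants.FORM_METHOD.equals(config.getAuthMethod()))) {`. The enclosing method starts before this hunk and continues after it.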
  @@ -347,6 +349,29 @@
   				    SecurityConstraint constraint)
   	throws IOException {
   
  +	if (constraint == null)
  +	    return (true);
  +
  +	// Specifically allow access to the form login and form error pages
  +	LoginConfig config = context.getLoginConfig();
  +	if ((config != null) &&
  +	    (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
  +	    String requestURI =
  +		((HttpServletRequest) request.getRequest()).getRequestURI();
  +	    String loginPage = context.getPath() + config.getLoginPage();
  +	    if (loginPage.equals(requestURI)) {
  +		if (debug >= 1)
  +		    log(" Allow access to login page " + loginPage);
  +		return (true);
  +	    }
  +	    String errorPage = context.getPath() + config.getErrorPage();
  +	    if (errorPage.equals(requestURI)) {
  +		if (debug >= 1)
  +		    log(" Allow access to error page " + errorPage);
  +		return (true);
  +	    }
  +	}
  +
   	// Which user principal have we already authenticated?
   	Principal principal =
   	    ((HttpServletRequest) request.getRequest()).getUserPrincipal();
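Review bot: The login/error page exemption is an exact string comparison of the raw `getRequestURI()` against `context.getPath() + config.getLoginPage()`, so the same page requested with a path parameter (for example a `;jsessionid=` suffix, which form login presumably depends on when the client sends no cookies), a `./` segment or a percent-encoded character does not match and falls through to the authentication check. That fails closed rather than open, so it is not a bypass, but it is worth normalizing or stripping path parameters before the comparison. Also, `config.getLoginPage()` and `config.getErrorPage()` are not null-checked and would produce a `/ctxnull` comparison string; guard them with `if ((config.getLoginPage() != null) && requestURI.equals(context.getPath() + config.getLoginPage()))` and the same for the error page. The enclosing method starts before this hunk and continues after it.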
  @@ -414,11 +439,16 @@
   				    SecurityConstraint constraint)
   	throws IOException {
   
  +	// Is there a relevant user data constraint?
  +	if (constraint == null)
  +	    return (true);
   	String userConstraint = constraint.getUserConstraint();
   	if (userConstraint == null)
   	    return (true);
   	if (userConstraint.equals(Constants.NONE_TRANSPORT))
   	    return (true);
  +
  +	// Validate the request against the user data constraint
   	if (!request.getRequest().isSecure()) {
   	    ((HttpServletResponse) response.getResponse()).sendError
   		(HttpServletResponse.SC_BAD_REQUEST,
  @@ -463,14 +493,31 @@
   
   
       /**
  -     * Return the internal Session that is associated with this request,
  -     * if there is one; otherwise return <code>null</code>.
  +     * Return the internal Session that is associated with this HttpRequest,
  +     * or <code>null</code> if there is no such Session.
  +     *
  +     * @param request The HttpRequest we are processing
        */
       protected Session getSession(HttpRequest request) {
   
  +	return (getSession(request, false));
  +
  +    }
  +
  +
  +    /**
  +     * Return the internal Session that is associated with this HttpRequest,
  +     * possibly creating a new one if necessary, or <code>null</code> if
  +     * there is no such session and we did not create one.
  +     *
  +     * @param request The HttpRequest we are processing
  +     * @param create Should we create a session if needed?
  +     */
  +    protected Session getSession(HttpRequest request, boolean create) {
  +
   	HttpServletRequest hreq =
   	    (HttpServletRequest) request.getRequest();
  -	HttpSession hses = hreq.getSession(false);
  +	HttpSession hses = hreq.getSession(create);
   	if (hses == null)
   	    return (null);
   	Manager manager = context.getManager();
  
  
  
  1.1                  jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpFormValve.java
  
  Index: HttpFormValve.java
  ===================================================================
  /*
   * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/HttpFormValve.java,v
1.1 2000/07/08 02:53:33 craigmcc Exp $
   * $Revision: 1.1 $
   * $Date: 2000/07/08 02:53:33 $
   *
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  
  package org.apache.tomcat.security;
  
  
  import java.io.IOException;
  import java.security.Principal;
  import java.util.Enumeration;
  import java.util.Locale;
  import java.util.Vector;
  import javax.servlet.http.Cookie;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpSession;
  import org.apache.tomcat.HttpRequest;
  import org.apache.tomcat.HttpResponse;
  import org.apache.tomcat.Realm;
  import org.apache.tomcat.Session;
  import org.apache.tomcat.deploy.LoginConfig;
  
  
  
  /**
   * An <b>Authenticator</b> and <b>Valve</b> implementation of FORM
BASED
   * Authentication, as described in the Servlet API Specification, Version 2.2.
   *
   * @author Craig R. McClanahan
   * @version $Revision: 1.1 $ $Date: 2000/07/08 02:53:33 $
   */
  
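public final class HttpFormValve
    extends HttpSecurityBase {


    // ----------------------------------------------------- Instance Variables


    /**
     * Descriptive information about this implementation.
     */
    private static final String info =
        "org.apache.tomcat.security.HttpFormValve/1.0";


    // ------------------------------------------------------------- Properties


    /**
     * Return descriptive information about this Valve implementation.
     */
    public String getInfo() {

        return (info);

    }


    // --------------------------------------------------------- Public Methods


    /**
     * Authenticate the user making this request, based on the specified
     * login configuration.  Return <code>true</code> if any specified
     * constraint has been satisfied, or <code>false</code> if we have
     * created a response challenge already.
     * <p>
     * The sequence is:
     * <ol>
     * <li>A request that already carries a Principal, or whose Session
     *     holds a cached Principal, is let through.</li>
     * <li>A request for the login page itself is displayed as-is.</li>
     * <li>Any other request that is not the login action is saved in the
     *     user's Session (created if needed) and the login page is
     *     displayed in its place.</li>
     * <li>The login action has its <code>j_username</code> /
     *     <code>j_password</code> parameters checked against the Realm;
     *     on failure the error page is displayed, on success the saved
     *     request is restored and performed.</li>
     * </ol>
     *
     * @param request Request we are processing
     * @param response Response we are creating
     * @param config Login configuration describing how authentication
     *               should be performed
     *
     * @exception IOException if an input/output error occurs
     */
    public boolean authenticate(HttpRequest request,
                                HttpResponse response,
                                LoginConfig config)
        throws IOException {

        // References to the servlet-level request and response
        HttpServletRequest hreq =
            (HttpServletRequest) request.getRequest();
        HttpServletResponse hres =
            (HttpServletResponse) response.getResponse();

        // Have we already authenticated someone?
        Principal principal = hreq.getUserPrincipal();
        if (principal != null)
            return (true);

        // Have we got a cached authenticated Principal?
        Session session = null;
        if (cache)
            session = getSession(request);
        if (session != null) {
            principal = session.getPrincipal();
            if (principal != null) {
                request.setAuthType(Constants.FORM_METHOD);
                request.setUserPrincipal(principal);
                return (true);
            }
        }

        String contextPath = hreq.getContextPath();
        String requestURI = hreq.getRequestURI();
        response.setContext(request.getContext());

        // Is this a request for the login page itself?  Test here to avoid
        // displaying it twice (from the user's perspective) -- once because
        // of the "save and redirect" and once because of the "restore and
        // redirect" performed below.
        if (requestURI.equals(contextPath + config.getLoginPage()))
            return (true);      // Display the login page in the usual manner

        // Is this the action request from the login page?  The action is
        // matched by suffix so the login form may post to a relative
        // "j_security_check" from any directory within this context.
        boolean loginAction =
            requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION);

        // No -- Save this request and display the form login page.  This
        // creates a session for an unauthenticated client if none exists,
        // because the saved request has nowhere else to live.
        if (!loginAction) {
            session = getSession(request, true);
            saveRequest(request, session);
            request.setRequestURI(contextPath + config.getLoginPage());
            return (true);      // Display the login page in the usual manner
        }

        // Yes -- The login action needs the session that holds the saved
        // request.  It was only looked up above when "cache" is enabled, and
        // even then may be null if the client sent no session identifier;
        // restoreRequest() must never be handed a null session.
        if (session == null)
            session = getSession(request);
        if (session == null) {
            hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
            hres.flushBuffer();
            return (false);
        }

        // Validate the specified credentials and display the error page
        // if they are not correct.  The saved request is left in the
        // session so a second attempt can still complete the original one.
        // NOTE(review): credentials are read with getParameter(), so a GET to
        // j_security_check with j_username/j_password in the query string
        // is accepted as well and may end up in access logs; consider
        // requiring POST for the login action.
        Realm realm = context.getRealm();
        String username = hreq.getParameter(Constants.FORM_USERNAME);
        String password = hreq.getParameter(Constants.FORM_PASSWORD);
        principal = realm.authenticate(username, password);
        if (principal == null) {
            request.setRequestURI(contextPath + config.getErrorPage());
            return (true);      // Display the error page in the usual manner
        }

        // Record the authenticated user.  The Principal is cached in the
        // same session that already existed before the login completed.
        // NOTE(review): the session identifier is not changed here, so a
        // session id fixed before login survives authentication (session
        // fixation); confirm whether the Manager offers a way to rotate it.
        request.setAuthType(Constants.FORM_METHOD);
        request.setUserPrincipal(principal);
        if (cache)
            session.setPrincipal(principal);

        // Restore the original request and perform it; if it is no longer
        // available (session expired or never held one) reject the action.
        if (restoreRequest(request, session))
            return (true);      // Perform the original request
        hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
        hres.flushBuffer();
        return (false);

    }


    // -------------------------------------------------------- Private Methods


    /**
     * Restore the original request from information stored in our session.
     * If the original request is no longer present (because the session
     * timed out, or no session was supplied), return <code>false</code>;
     * otherwise, return <code>true</code>.  The saved information is
     * always removed from the session, so it can be replayed only once.
     *
     * @param request The request to be restored
     * @param session The session containing the saved information,
     *                or <code>null</code> if there is none
     */
    private boolean restoreRequest(HttpRequest request, Session session) {

        if (session == null)
            return (false);

        // Retrieve and remove the SavedRequest object from our session
        HttpSession hses = session.getSession();
        SavedRequest saved = (SavedRequest) hses.getAttribute(Constants.FORM_KEY);
        hses.removeAttribute(Constants.FORM_KEY);
        if (saved == null)
            return (false);

        // Replace the cookies, headers and locales of the login action
        // with those of the original request
        request.clearCookies();
        Cookie cookies[] = saved.getCookies();
        for (int i = 0; i < cookies.length; i++)
            request.addCookie(cookies[i]);

        request.clearHeaders();
        String names[] = saved.getHeaderNames();
        for (int i = 0; i < names.length; i++) {
            String values[] = saved.getHeaderValues(names[i]);
            for (int j = 0; j < values.length; j++)
                request.addHeader(names[i], values[j]);
        }

        request.clearLocales();
        Locale locales[] = saved.getLocales();
        for (int i = 0; i < locales.length; i++)
            request.addLocale(locales[i]);

        // Finally point the request at the original method, query and URI.
        // The original request body is not saved (see SavedRequest), so a
        // POST that triggered the login is replayed without its data.
        request.setMethod(saved.getMethod());
        request.setQueryString(saved.getQueryString());
        request.setRequestURI(saved.getRequestURI());
        return (true);

    }


    /**
     * Save the original request information into our session.  Every
     * cookie, header (including any Cookie or Authorization header the
     * client sent) and locale is retained, together with the method,
     * query string and request URI -- but not the request body.
     *
     * @param request The request to be saved
     * @param session The session to contain the saved information
     */
    private void saveRequest(HttpRequest request, Session session) {

        // Create and populate a SavedRequest object for this request
        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
        SavedRequest saved = new SavedRequest();

        Cookie cookies[] = hreq.getCookies();
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++)
                saved.addCookie(cookies[i]);
        }

        // Per the Servlet API a container may return null from
        // getHeaderNames()/getHeaders() when header access is disallowed
        Enumeration names = hreq.getHeaderNames();
        if (names != null) {
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                Enumeration values = hreq.getHeaders(name);
                if (values == null)
                    continue;
                while (values.hasMoreElements()) {
                    String value = (String) values.nextElement();
                    saved.addHeader(name, value);
                }
            }
        }

        Enumeration locales = hreq.getLocales();
        while (locales.hasMoreElements()) {
            Locale locale = (Locale) locales.nextElement();
            saved.addLocale(locale);
        }

        saved.setMethod(hreq.getMethod());
        saved.setQueryString(hreq.getQueryString());
        saved.setRequestURI(hreq.getRequestURI());

        // Stash the SavedRequest in our session for later use
        session.getSession().setAttribute(Constants.FORM_KEY, saved);

    }


}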
  
  
  
  1.1                  jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/SavedRequest.java
  
  Index: SavedRequest.java
  ===================================================================
  /*
   * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/security/SavedRequest.java,v
1.1 2000/07/08 02:53:33 craigmcc Exp $
   * $Revision: 1.1 $
   * $Date: 2000/07/08 02:53:33 $
   *
   * ====================================================================
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution, if
   *    any, must include the following acknowlegement:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowlegement may appear in the software itself,
   *    if and wherever such third-party acknowlegements normally appear.
   *
   * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
   *    Foundation" must not be used to endorse or promote products derived
   *    from this software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache"
   *    nor may "Apache" appear in their names without prior written
   *    permission of the Apache Group.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * [Additional notices, if required by prior licensing conditions]
   *
   */
  
  
  package org.apache.tomcat.security;
  
  
  import java.util.Enumeration;
  import java.util.Hashtable;
  import java.util.Locale;
  import java.util.Vector;
  import javax.servlet.http.Cookie;
  import org.apache.tomcat.HttpRequest;
  import org.apache.tomcat.Session;
  
  
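  /**
   * Object that saves the critical information from a request so that
   * form-based authentication can reproduce it once the user has been
   * authenticated.
   * <p>
   * Cookies, headers, and locales are accumulated through the
   * <code>add*</code> methods and handed back as freshly allocated arrays
   * by the <code>get*</code> methods, so a caller may modify a returned
   * array without affecting the saved state.  The arrays are shallow
   * copies: the <code>Cookie</code> and <code>Locale</code> elements are
   * the same objects that were added.  The scalar properties (method,
   * query string, request URI) are <code>null</code> until set.
   * <p>
   * Individual operations are synchronized by the underlying
   * <code>Vector</code> and <code>Hashtable</code> instances, but no
   * guarantee is made for sequences of operations issued from different
   * threads.
   * <p>
   * <b>FIXME</b> - Currently, this object has no mechanism to save or
   * restore the data content of the request, so it will not support a
   * POST request triggering the authentication.
   *
   * @author Craig R. McClanahan
   * @version $Revision: 1.1 $ $Date: 2000/07/08 02:53:33 $
   */

  public final class SavedRequest {


      /**
       * The set of Cookies associated with this Request, in the order in
       * which they were added.
       */
      private Vector cookies = new Vector();


      /**
       * Record a cookie that accompanied the original request.
       *
       * @param cookie The cookie to save
       */
      public void addCookie(Cookie cookie) {
          cookies.addElement(cookie);
      }


      /**
       * Return the saved cookies, in the order in which they were added.
       *
       * @return A newly allocated array, empty if no cookies were saved
       */
      public Cookie[] getCookies() {
          Cookie results[] = new Cookie[cookies.size()];
          cookies.copyInto(results);
          return (results);
      }


      /**
       * The set of Headers associated with this Request.  Each key is a header
       * name, while the value is a Vector containing one or more actual
       * values for this header.
       * <p>
       * NOTE(review): Hashtable keys are compared case-sensitively, whereas
       * HTTP header names are case-insensitive, so callers must use a
       * consistent spelling of each name on add and on lookup -- confirm
       * against the code that populates and replays this object.
       */
      private Hashtable headers = new Hashtable();


      /**
       * Record one value of a header from the original request.  Repeated
       * calls with the same name accumulate values in call order.
       *
       * @param name Header name; must not be <code>null</code>, because the
       *  underlying Hashtable rejects null keys with a
       *  <code>NullPointerException</code>
       * @param value Header value
       */
      public void addHeader(String name, String value) {
          Vector values = (Vector) headers.get(name);
          if (values == null) {
              values = new Vector();
              headers.put(name, values);
          }
          values.addElement(value);
      }


      /**
       * Return the names of all saved headers.  The names come from a
       * Hashtable, so their order is unspecified.
       *
       * @return A newly allocated array, empty if no headers were saved
       */
      public String[] getHeaderNames() {
          Vector keys = new Vector();
          // 'enum' is a reserved word from Java 5 onwards, so the
          // enumeration must not be given that name
          Enumeration names = headers.keys();
          while (names.hasMoreElements()) {
              keys.addElement(names.nextElement());
          }
          String results[] = new String[keys.size()];
          keys.copyInto(results);
          return (results);
      }


      /**
       * Return all saved values of the specified header, in the order in
       * which they were added.
       *
       * @param name Header name to look up
       * @return A newly allocated array, empty if the header was never
       *  saved or <code>name</code> is <code>null</code>
       */
      public String[] getHeaderValues(String name) {
          // Hashtable.get(null) would throw NullPointerException; treat a
          // missing name the same way as an unknown one
          if (name == null) {
              return (new String[0]);
          }
          Vector values = (Vector) headers.get(name);
          if (values == null) {
              return (new String[0]);
          }
          String results[] = new String[values.size()];
          values.copyInto(results);
          return (results);
      }


      /**
       * The set of Locales associated with this Request, in the order in
       * which they were added.
       */
      private Vector locales = new Vector();


      /**
       * Record a locale preference of the original request.
       *
       * @param locale The locale to save
       */
      public void addLocale(Locale locale) {
          locales.addElement(locale);
      }


      /**
       * Return the saved locales, in the order in which they were added.
       *
       * @return A newly allocated array, empty if no locales were saved
       */
      public Locale[] getLocales() {
          Locale results[] = new Locale[locales.size()];
          locales.copyInto(results);
          return (results);
      }


      /**
       * The request method used on this Request.
       */
      private String method = null;


      /**
       * Return the saved request method.
       *
       * @return The method, or <code>null</code> if none has been set
       */
      public String getMethod() {
          return (this.method);
      }


      /**
       * Set the saved request method.
       *
       * @param method The request method (for example <code>GET</code>)
       */
      public void setMethod(String method) {
          this.method = method;
      }


      /**
       * The query string associated with this Request.
       */
      private String queryString = null;


      /**
       * Return the saved query string.
       *
       * @return The query string, or <code>null</code> if none has been set
       */
      public String getQueryString() {
          return (this.queryString);
      }


      /**
       * Set the saved query string.
       *
       * @param queryString The query string of the original request
       */
      public void setQueryString(String queryString) {
          this.queryString = queryString;
      }


      /**
       * The request URI associated with this Request.
       */
      private String requestURI = null;


      /**
       * Return the saved request URI.
       *
       * @return The request URI, or <code>null</code> if none has been set
       */
      public String getRequestURI() {
          return (this.requestURI);
      }


      /**
       * Set the saved request URI.
       *
       * @param requestURI The request URI of the original request
       */
      public void setRequestURI(String requestURI) {
          this.requestURI = requestURI;
      }


  }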
  
  
  
  1.3       +1 -0      jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/Authenticators.properties
  
  Index: Authenticators.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/Authenticators.properties,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- Authenticators.properties	2000/05/31 02:02:58	1.2
  +++ Authenticators.properties	2000/07/08 02:53:33	1.3
  @@ -1,2 +1,3 @@
   BASIC=org.apache.tomcat.security.HttpBasicValve
   DIGEST=org.apache.tomcat.security.HttpDigestValve
  +FORM=org.apache.tomcat.security.HttpFormValve
  
  
  
  1.14      +6 -6      jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/ContextConfig.java
  
  Index: ContextConfig.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/ContextConfig.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- ContextConfig.java	2000/06/23 22:24:06	1.13
  +++ ContextConfig.java	2000/07/08 02:53:34	1.14
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/ContextConfig.java,v
1.13 2000/06/23 22:24:06 craigmcc Exp $
  - * $Revision: 1.13 $
  - * $Date: 2000/06/23 22:24:06 $
  + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/startup/ContextConfig.java,v
1.14 2000/07/08 02:53:34 craigmcc Exp $
  + * $Revision: 1.14 $
  + * $Date: 2000/07/08 02:53:34 $
    *
    * ====================================================================
    *
  @@ -105,7 +105,7 @@
    * of that Context, and the associated defined servlets.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.13 $ $Date: 2000/06/23 22:24:06 $
  + * @version $Revision: 1.14 $ $Date: 2000/07/08 02:53:34 $
    */
   
   public final class ContextConfig
  @@ -380,9 +380,9 @@
   		       mapper.methodParam(0));
   	mapper.addRule("web-app/login-config/realm-name",
   		       mapper.methodParam(1));
  -	mapper.addRule("web-app/login-config/login-page",
  +	mapper.addRule("web-app/login-config/form-login-config/form-login-page",
   		       mapper.methodParam(2));
  -	mapper.addRule("web-app/login-config/error-page",
  +	mapper.addRule("web-app/login-config/form-login-config/form-error-page",
   		       mapper.methodParam(3));
   
   	mapper.addRule("web-app/mime-mapping",
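Review bot: The two replaced rules drop the old `web-app/login-config/login-page` and `web-app/login-config/error-page` paths, so a deployment descriptor still written with those element names now matches nothing and the form pages are silently left unset; a comment on the new rules, such as `// Servlet 2.2 DTD: form pages live under form-login-config (old login-page/error-page names are no longer recognised)`, would make that intentional. The enclosing method and the setter behind `methodParam(2)` and `methodParam(3)` are outside the hunk, so it is not visible here whether that setter tolerates null for both page parameters, which will be the case whenever `form-login-config` is absent (BASIC and DIGEST configurations); confirm that it does. It would also be worth having that setter check that both pages are context-relative paths beginning with `/` before they are used as login and error targets, presumably in HttpFormValve.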
  
  
  
