From cos...@locus.apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/startup EmbededTomcat.java
Date Wed, 16 Aug 2000 22:24:27 GMT
costin      00/08/16 15:24:27

  Modified:    src/share/org/apache/tomcat/core Tag: tomcat_32 Context.java
                        ContextManager.java
               src/share/org/apache/tomcat/request Tag: tomcat_32
                        AccessInterceptor.java
               src/share/org/apache/tomcat/service/http Tag: tomcat_32
                        HttpConnectionHandler.java
               src/share/org/apache/tomcat/startup Tag: tomcat_32
                        EmbededTomcat.java
  Log:
  Important fix - transport constraints checking.
  This is a spec requirement, I think it should go in.
  
  As always - please let me know if you have any doubt and I'll roll back.
  
  In AccessInterceptor we'll check if CONFIDENTIAL/INTEGRAL is required
  for a request and if the SSL is not used ( isSecure() is false) we'll
  not serve the request ( using 403 - Forbidden ).
  
  The 403 handler is able to do a redirect to the SSL server. The secure
  port must be configured using ContextManager.setSecurePort().
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.100.2.2 +4 -1      jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
  
  Index: Context.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
  retrieving revision 1.100.2.1
  retrieving revision 1.100.2.2
  diff -u -r1.100.2.1 -r1.100.2.2
  --- Context.java	2000/07/25 21:00:24	1.100.2.1
  +++ Context.java	2000/08/16 22:24:25	1.100.2.2
  @@ -627,7 +627,6 @@
   	wrapper.setContext( this );
   	String name=wrapper.getServletName();
   	//	System.out.println("Adding servlet " + name  + " " + wrapper);
  -
           // check for duplicates
           if (servlets.get(name) != null) {
   	    log("Removing duplicate servlet " + name  + " " + wrapper);
  @@ -993,6 +992,8 @@
           this.documentBase=s;
       }
   
  +    // -------------------- Virtual host support --------------------
  +
       /** Make this context visible as part of a virtual host
        */
       public void setHost( String h ) {
  @@ -1018,6 +1019,8 @@
   	return vhostAliases.elements();
       }
       // -------------------- Security - trusted code -------------------- 
  +
  +    
       
       public void setTrusted( boolean t ) {
   	trusted=t;
  
  
  
  1.100.2.4 +16 -2     jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java
  
  Index: ContextManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v
  retrieving revision 1.100.2.3
  retrieving revision 1.100.2.4
  diff -u -r1.100.2.3 -r1.100.2.4
  --- ContextManager.java	2000/08/14 23:55:36	1.100.2.3
  +++ ContextManager.java	2000/08/16 22:24:25	1.100.2.4
  @@ -165,6 +165,9 @@
        */
       String installDir;
   
  +    // port for SSL endpoint - for redirect
  +    int securePort=-1;
  +    
       /** Default work dir, relative to home
        */
       public static final String DEFAULT_WORK_DIR="work";
  @@ -258,6 +261,18 @@
   	installDir=tH;
       }
   
  +    public int getSecurePort() {
  +	return securePort;
  +    }
  +
  +    /** Secure port is set to the SSL connector that will handle
  +     *  INTEGRAL/CONFIDENTIAL transport. This is an initial solution,
  +     *  it may change !
  +     */
  +    public void setSecurePort(int p) {
  +	securePort=p;
  +    }
  +    
       /**
        * WorkDir property - where all working files will be created
        */
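Review bot: `getSecurePort()` has no Javadoc and `setSecurePort(int)` stores any int, yet the 403 handler added in AccessInterceptor.java treats every value `<= 0` as "no SSL endpoint known". Document that contract on the getter, for example `/** Port of the SSL connector used for redirects; a value <= 0 means none is configured. */`. The setter could also reject values above 65535, so that a bad setting never ends up in a redirect URL. Because the field is a single int on ContextManager, each call overwrites the previous one; with more than one SSL connector the last caller wins, which is worth stating in the setter comment.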
  @@ -295,8 +310,7 @@
       public void setPermissions(Object permissions) {
   	this.permissions = permissions;
       }
  -
  -
  +    
       // -------------------- Support functions --------------------
   
       /**
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.12.2.3  +76 -3     jakarta-tomcat/src/share/org/apache/tomcat/request/AccessInterceptor.java
  
  Index: AccessInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/AccessInterceptor.java,v
  retrieving revision 1.12.2.2
  retrieving revision 1.12.2.3
  diff -u -r1.12.2.2 -r1.12.2.3
  --- AccessInterceptor.java	2000/08/14 23:55:37	1.12.2.2
  +++ AccessInterceptor.java	2000/08/16 22:24:26	1.12.2.3
  @@ -64,6 +64,8 @@
   import org.apache.tomcat.core.Constants;
   import org.apache.tomcat.util.*;
   import javax.servlet.http.*;
  +import javax.servlet.*;
  +import java.io.*;
   import java.util.*;
   
   // XXX maybe it's a good idea to use a different model for adding secuirty
  @@ -127,6 +129,11 @@
   	if( debug > 0 ) log( "Init  " + ctx.getHost() + " " +
   			     ctx.getPath() + " " + login_type );
   	
  +	if( null==ctx.getErrorPage( "403" )) {
  +	    ctx.addServlet( new SSLRequiredHandler());
  +	    ctx.addErrorPage( "403", "tomcat.sslRequiredHandler");
  +	}
  +
   	if( "FORM".equals( login_type )) {
   	    String page=ctx.getFormLoginPage();
   	    String errorPage = ctx.getFormErrorPage();
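Review bot: Registering `SSLRequiredHandler` as the context-wide `"403"` error page means every 403 raised in this context reaches it, not only the transport-guarantee failures, as long as the application defines no 403 page of its own. The handler's `doService` (added further down in this file) never looks at `req.isSecure()`, so a 403 on a request that already arrived over SSL would be answered with a redirect to the same https URL, or with a misleading "SSL required" page. Guard the redirect branch there, e.g. `if( secureP <= 0 || req.isSecure() ) {`, or only take the SSL path when the `reqTransportNote` note is set on the request. The enclosing init method starts and ends outside this hunk.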
  @@ -203,6 +210,7 @@
   	    // if unknown, leave the normal 404 error handler to deal
   	    // with unauthorized access.
   	}
  +
       }
       
       // XXX not implemented - will deal with that after everything else works.
  @@ -268,14 +276,24 @@
   			    sb.append( roles[j]).append(" ");
   		    log( sb.toString());
   		}
  +		// roles will be checked by a different interceptor
  +		if( roles!= null  && roles.length > 0) 
  +		    req.setRequiredRoles( roles );
  +
   		if( transport != null &&
   		    ! "NONE".equals( transport )) {
   		    req.setNote( reqTransportNote, transport );
  +
  +		    // check INTEGRAL or CONFIDENTIAL
  +		    if( "INTEGRAL".equalsIgnoreCase( transport ) ||
  +			"CONFIDENTIAL".equalsIgnoreCase( transport )) {
  +			if( debug>0) log( "Transport " + transport + " " + req.isSecure());
  +			if( ! req.isSecure() ) {
  +				return 403;
  +			}
  +		    }
   		}
   		
  -		// roles will be checked by a different interceptor
  -		if( roles!= null  && roles.length > 0) 
  -		    req.setRequiredRoles( roles );
   	    }
   	}
    	return 0;
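Review bot: A transport value other than `NONE`, `INTEGRAL` or `CONFIDENTIAL` fails open. The outer test treats anything but `"NONE"` as a constraint and records the note, but the added inner test returns 403 only for the two known names, so a misspelt transport-guarantee would still be served over plain HTTP unless it is validated elsewhere (not visible here). Denying on any non-NONE value is the safer default: drop the inner name comparison and keep `if( ! req.isSecure() ) return 403;` directly under the `! "NONE".equals( transport )` test. The comparisons also mix `equals` for NONE with `equalsIgnoreCase` for the other two; pick one. The enclosing method starts and ends outside this hunk.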
  @@ -351,6 +369,60 @@
       }
   }
   
  +/** 403 - Forbiden.
  +    This handler will report that the page can't be accessed without
  +    SSL.
  +*/
  +class SSLRequiredHandler extends ServletWrapper {
  +    
  +    SSLRequiredHandler() {
  +	initialized=true;
  +	internal=true;
  +	name="tomcat.sslRequiredHandler";
  +    }
  +
  +    public void doService(Request req, Response res)
  +	throws Exception
  +    {
  +	Context ctx=req.getContext();
  +	ContextManager cm=ctx.getContextManager();
  +	
  +	int secureP=cm.getSecurePort();
  +	if( secureP <= 0 ) {
  +	    // 403 - this page requires SSL and we don't
  +	    // know any way to get there
  +	    res.setStatus( 403 );
  +	    StringBuffer body=new StringBuffer();
  +	    body.append("<h1>SSL required to access this page</H1>");
  +	    
  +	    res.setContentLength(body.length());
  +	    if( res.isUsingStream() ) {
  +		ServletOutputStream out = res.getOutputStream();
  +		out.print(body.toString());
  +		out.flush();
  +	    } else {
  +		PrintWriter out = res.getWriter();
  +		out.print(body);
  +		out.flush();
  +	    }
  +	} else {
  +	    StringBuffer securePage=new StringBuffer();
  +	    securePage.append("https://").append(req.getServerName());
  +	    securePage.append( ":" ).append(secureP );
  +	    // same context page, etc
  +	    securePage.append( req.getRequestURI());
  +	    String qS=req.getQueryString();
  +	    if( qS!=null) {
  +		securePage.append( "?").append( qS );
  +	    }
  +	    req.setAttribute("javax.servlet.error.message",
  +			     securePage.toString() );
  +	    contextM.handleStatus( req, res, 302 ); // redirect
  +	    return;
  +	}
  +    }
  +}
  +
   /** 401 - access denied. Will check if we have an authenticated user
       or not.
       XXX If we have user/pass, but still no permission  - display
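Review bot: The redirect target in `SSLRequiredHandler.doService` is built from `req.getServerName()`, which normally reflects the client-supplied Host header, so the host in the redirect is whatever the client sent rather than a name the server vouches for. Prefer a configured canonical host name where one is available, and add a comment that the request URI and query string are copied through unchanged. The class comment should also say that the redirect is a convenience only: by the time it is issued, the original request, including any cookies or form data, has already crossed the wire unencrypted. Separately, the method fetches `cm` from the context but then calls `contextM.handleStatus(...)` on the inherited field; using `cm.handleStatus( req, res, 302 );` would avoid depending on that field having been set.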
  @@ -404,6 +476,7 @@
   	return; 
       }
   }
  +
   
   /** 
       j_security_check handler
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.26.2.2  +6 -4      jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java
  
  Index: HttpConnectionHandler.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v
  retrieving revision 1.26.2.1
  retrieving revision 1.26.2.2
  diff -u -r1.26.2.1 -r1.26.2.2
  --- HttpConnectionHandler.java	2000/08/12 02:43:48	1.26.2.1
  +++ HttpConnectionHandler.java	2000/08/16 22:24:26	1.26.2.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v
1.26.2.1 2000/08/12 02:43:48 costin Exp $
  - * $Revision: 1.26.2.1 $
  - * $Date: 2000/08/12 02:43:48 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/service/http/HttpConnectionHandler.java,v
1.26.2.2 2000/08/16 22:24:26 costin Exp $
  + * $Revision: 1.26.2.2 $
  + * $Date: 2000/08/16 22:24:26 $
    *
    * ====================================================================
    *
  @@ -88,12 +88,14 @@
   	if("context.manager".equals(name) ) {
   	    contextM=(ContextManager)value;
   	}
  +	if("secure".equals(name) )
  +	    setSecure(true);
       }
   
       public void setSecure( boolean b ) {
   	secure=b;
       }
  -    
  +
       public void setServer( Object  contextM ) {
   	this.contextM=(ContextManager)contextM;
       }
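Review bot: The added `if("secure".equals(name) ) setSecure(true);` ignores `value`, so any attempt to set the attribute, including an explicit false, marks the handler as secure. With this commit `isSecure()` decides whether a CONFIDENTIAL/INTEGRAL resource is served, so if the request's secure flag derives from this handler (not visible in the hunk), a misconfigured plain-HTTP connector would pass the transport check. Parse the value instead, e.g. `setSecure( Boolean.valueOf( String.valueOf( value )).booleanValue() );`. The enclosing setAttribute method starts outside this hunk.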
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.13.2.2  +1 -0      jakarta-tomcat/src/share/org/apache/tomcat/startup/EmbededTomcat.java
  
  Index: EmbededTomcat.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/startup/EmbededTomcat.java,v
  retrieving revision 1.13.2.1
  retrieving revision 1.13.2.2
  diff -u -r1.13.2.1 -r1.13.2.2
  --- EmbededTomcat.java	2000/08/12 02:43:50	1.13.2.1
  +++ EmbededTomcat.java	2000/08/16 22:24:27	1.13.2.2
  @@ -122,6 +122,7 @@
   
   	PoolTcpConnector sc=new PoolTcpConnector();
   	sc.setServer( contextM );
  +	contextM.setSecurePort( port );
   	sc.setAttribute( "vhost_port" , new Integer( port ) );
   	if( addr != null ) sc.setAttribute( "vhost_address", addr );
   	if( hostname != null ) sc.setAttribute( "vhost_name", hostname );
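Review bot: The hunk does not show which endpoint method the new `contextM.setSecurePort( port );` sits in, and the connector built here is a plain `PoolTcpConnector` with no SSL setup visible in the surrounding lines. If this is the non-SSL endpoint path, the 403 handler would redirect clients to `https://host:port` on a port that does not speak SSL; please confirm the call is made only where the SSL socket factory is configured. A short comment such as `// remember the SSL port so the 403 handler can redirect to it` would make the intent clear. The enclosing method starts and ends outside this hunk.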
  
  
  
