From craig...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session ManagerBase.java PersistentManager.java StandardSession.java
Date Wed, 14 Mar 2001 02:17:23 GMT
craigmcc    01/03/13 18:17:23

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java FormAuthenticator.java
               catalina/src/share/org/apache/catalina/connector
                        HttpRequestBase.java HttpResponseBase.java
               catalina/src/share/org/apache/catalina/core
                        StandardContextValve.java
               catalina/src/share/org/apache/catalina/session
                        ManagerBase.java PersistentManager.java
                        StandardSession.java
  Log:
  Restore the correct operation of form-based login.
  
  The problem was caused by the following scenario:
  - Form based login authenticator would create a session in which to
    cache the original request while sending the login page
  - The access() method of the new session was being called, which set
    the "isNew" property to false, even though the session id had not
    yet been communicated to the client
  - Because isNew was false, the session id cookie was never sent
  - When the form login page was received and processed, and the user
    correctly authenticated, no session id was included -- so the cached
    original request could not be recovered.  This triggered an
    "Error 400 - Bad Request" error
  
  As a side effect of this change, the last accessed time of a session is
  now correctly updated at the beginning of each request, whether or not the
  servlet actually calls request.getSession() to acquire a reference to it.
  See Servlet Specification, version 2.3 (PFD), Section 7.6 (p. 51).
  
  Revision  Changes    Path
  1.8       +5 -5      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- AuthenticatorBase.java	2001/01/23 02:53:02	1.7
  +++ AuthenticatorBase.java	2001/03/14 02:17:20	1.8
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.7 2001/01/23 02:53:02 craigmcc Exp $
  - * $Revision: 1.7 $
  - * $Date: 2001/01/23 02:53:02 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.8 2001/03/14 02:17:20 craigmcc Exp $
  + * $Revision: 1.8 $
  + * $Date: 2001/03/14 02:17:20 $
    *
    * ====================================================================
    *
  @@ -117,7 +117,7 @@
    * requests.  Requests of any other type will simply be passed through.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.7 $ $Date: 2001/01/23 02:53:02 $
  + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:20 $
    */
   
   
  @@ -167,7 +167,7 @@
       /**
        * The debugging detail level for this component.
        */
  -    protected int debug = 0;
  +    protected int debug = 99;
   
   
       /**
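Review bot: The default `debug` level goes from 0 to 99 in this hunk, which reads like a local troubleshooting setting committed by accident rather than part of the form-login fix. FormAuthenticator uses `debug` and `log(...)` without declaring them in its visible hunks, so it presumably inherits this field. If so, the `debug >= 1` messages added there (principal names and session ids) would be written by default unless configuration overrides the value. Keep `protected int debug = 0;` and raise the level through configuration when diagnosing.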
  
  
  
  1.7       +25 -8     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- FormAuthenticator.java	2000/12/16 04:03:29	1.6
  +++ FormAuthenticator.java	2001/03/14 02:17:20	1.7
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
1.6 2000/12/16 04:03:29 craigmcc Exp $
  - * $Revision: 1.6 $
  - * $Date: 2000/12/16 04:03:29 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
1.7 2001/03/14 02:17:20 craigmcc Exp $
  + * $Revision: 1.7 $
  + * $Date: 2001/03/14 02:17:20 $
    *
    * ====================================================================
    *
  @@ -88,7 +88,7 @@
    * Authentication, as described in the Servlet API Specification, Version 2.2.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.6 $ $Date: 2000/12/16 04:03:29 $
  + * @version $Revision: 1.7 $ $Date: 2001/03/14 02:17:20 $
    */
   
   public final class FormAuthenticator
  @@ -142,8 +142,12 @@
   	// Have we already authenticated someone?
   	Principal principal =
   	    ((HttpServletRequest) request.getRequest()).getUserPrincipal();
  -	if (principal != null)
  +	if (principal != null) {
  +            if (debug >= 1)
  +                log("Already authenticated '" +
  +                    principal.getName() + "'");
   	    return (true);
  +        }
   
   	// Acquire references to objects we will need to evaluate
   	HttpServletRequest hreq =
  @@ -159,8 +163,11 @@
   	// displaying it twice (from the user's perspective) -- once because
   	// of the "save and redirect" and once because of the "restore and
   	// redirect" performed below.
  -	if (requestURI.equals(contextPath + config.getLoginPage()))
  +	if (requestURI.equals(contextPath + config.getLoginPage())) {
  +            if (debug >= 1)
  +                log("Requesting login page normally");
   	    return (true);	// Display the login page in the usual manner
  +        }
   
   	// Is this the action request from the login page?
   	boolean loginAction =
  @@ -170,6 +177,8 @@
   	// No -- Save this request and redirect to the form login page
   	if (!loginAction) {
   	    session = getSession(request, true);
  +            if (debug >= 1)
  +                log("Save request in session '" + session.getId() + "'");
   	    saveRequest(request, session);
   	    request.setRequestURI(contextPath + config.getLoginPage());
   	    return (true);	// Display the login page in the usual manner
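Review bot: The added `log("Save request in session '" + session.getId() + "'")` writes the full session identifier to the log, and the `-189,10 +200,16` hunk does the same with `log("restore request from session '" + session.getId() + "'")` just before `register(...)` is called with the principal. A session id works as a bearer credential for the lifetime of the session, so it should not be readable by everyone who can read the log, and the threshold here is only `debug >= 1`. Either drop the id from both messages, e.g. `log("Save request in session");`, or log a short one-way digest of it so the two entries can still be correlated. The enclosing method starts and ends outside these hunks.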
  @@ -182,6 +191,8 @@
   	String password = hreq.getParameter(Constants.FORM_PASSWORD);
   	principal = realm.authenticate(username, password);
   	if (principal == null) {
  +            if (debug >= 1)
  +                log("Authentication failed, show error page");
   	    request.setRequestURI(contextPath + config.getErrorPage());
   	    return (true);	// Display the error page in the usual manner
   	}
  @@ -189,10 +200,16 @@
   
   	// Restore this request and redirect to the original request URI
           session = getSession(request, true);
  +        if (debug >= 1)
  +            log("restore request from session '" + session.getId() + "'");
           register(request, response, principal, Constants.FORM_METHOD);
  -	if (restoreRequest(request, session))
  +	if (restoreRequest(request, session)) {
  +            if (debug >= 1)
  +                log("Proceed to restored request");
   	    return (true);		// Perform the original request
  -	else {
  +	} else {
  +            if (debug >= 1)
  +                log("Restore of original request failed");
   	    hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
               //	    hres.flushBuffer();
   	    return (false);
  
  
  
  1.17      +4 -5      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
  
  Index: HttpRequestBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- HttpRequestBase.java	2001/02/04 00:47:59	1.16
  +++ HttpRequestBase.java	2001/03/14 02:17:21	1.17
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.16 2001/02/04 00:47:59 glenn Exp $
  - * $Revision: 1.16 $
  - * $Date: 2001/02/04 00:47:59 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.17 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.17 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -100,7 +100,7 @@
    * be implemented.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.16 $ $Date: 2001/02/04 00:47:59 $
  + * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
    */
   
   public class HttpRequestBase
  @@ -1042,7 +1042,6 @@
   	    if ((session != null) && !session.isValid())
   	        session = null;
   	    if (session != null) {
  -		session.access();
   		return (session.getSession());
   	    }
   	}
  
  
  
  1.28      +12 -12    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java
  
  Index: HttpResponseBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- HttpResponseBase.java	2001/02/04 00:48:21	1.27
  +++ HttpResponseBase.java	2001/03/14 02:17:21	1.28
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
1.27 2001/02/04 00:48:21 glenn Exp $
  - * $Revision: 1.27 $
  - * $Date: 2001/02/04 00:48:21 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
1.28 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.28 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -99,7 +99,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.27 $ $Date: 2001/02/04 00:48:21 $
  + * @version $Revision: 1.28 $ $Date: 2001/03/14 02:17:21 $
    */
   
   public class HttpResponseBase
  @@ -541,9 +541,9 @@
   	    outputWriter.print(message);
   	}
   	outputWriter.print("\r\n");
  -        //        System.out.println("sendHeaders: " +
  -        //                           request.getRequest().getProtocol() +
  -        //                           " " + status + " " + message);
  +        // System.out.println("sendHeaders: " +
  +        //                    request.getRequest().getProtocol() +
  +        //                    " " + status + " " + message);
   
   	// Send the content-length and content-type headers (if any)
   	if (getContentType() != null) {
  @@ -604,17 +604,17 @@
   		outputWriter.print(": ");
   		outputWriter.print(CookieTools.getCookieHeaderValue(cookie));
   		outputWriter.print("\r\n");
  -                // System.out.println(" " +
  -                // CookieTools.getCookieHeaderName(cookie) +
  -                //     ": " +
  -                //     CookieTools.getCookieHeaderValue(cookie));
  +                //System.out.println(" " +
  +                //                   CookieTools.getCookieHeaderName(cookie) +
  +                //                   ": " +
  +                //                   CookieTools.getCookieHeaderValue(cookie));
   	    }
   	}
   
   	// Send a terminating blank line to mark the end of the headers
   	outputWriter.print("\r\n");
   	outputWriter.flush();
  -        //        System.out.println("----------");
  +        // System.out.println("----------");
   
           // The response is now committed
           committed = true;
  
  
  
  1.8       +21 -9     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java
  
  Index: StandardContextValve.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- StandardContextValve.java	2001/01/25 18:36:26	1.7
  +++ StandardContextValve.java	2001/03/14 02:17:21	1.8
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
1.7 2001/01/25 18:36:26 remm Exp $
  - * $Revision: 1.7 $
  - * $Date: 2001/01/25 18:36:26 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
1.8 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.8 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -73,8 +73,10 @@
   import javax.naming.NamingException;
   import org.apache.naming.ContextBindings;
   import org.apache.catalina.Container;
  +import org.apache.catalina.Manager;
   import org.apache.catalina.Request;
   import org.apache.catalina.Response;
  +import org.apache.catalina.Session;
   import org.apache.catalina.ValveContext;
   import org.apache.catalina.Wrapper;
   import org.apache.catalina.util.StringManager;
  @@ -89,7 +91,7 @@
    * when processing HTTP requests.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.7 $ $Date: 2001/01/25 18:36:26 $
  + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:21 $
    */
   
   final class StandardContextValve
  @@ -152,10 +154,9 @@
   	}
   
           // Disallow any direct access to resources under WEB-INF or META-INF
  -        String contextPath =
  -            ((HttpServletRequest) request.getRequest()).getContextPath();
  -        String requestURI =
  -            ((HttpServletRequest) request.getRequest()).getRequestURI();
  +        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
  +        String contextPath = hreq.getContextPath();
  +        String requestURI = hreq.getRequestURI();
           String relativeURI =
               requestURI.substring(contextPath.length()).toUpperCase();
           if (relativeURI.equals("/META-INF") ||
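Review bot: The WEB-INF/META-INF guard fed by the new `hreq` values still upper-cases with the no-argument `toUpperCase()`, which uses the JVM's default locale. Case mapping is locale-dependent (the JDK documentation cites Turkish as an example), so the `equals` comparisons are not guaranteed to behave the same on every deployment. Since the commit touches these lines anyway, consider `requestURI.substring(contextPath.length()).toUpperCase(Locale.ENGLISH);`, which needs a `java.util.Locale` import if the file does not already have one. The rest of the condition is outside the hunk.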
  @@ -171,8 +172,19 @@
               return;
           }
   
  -	// Select the Wrapper to be used for this Request
  +        // Update the session last access time for our session (if any)
   	StandardContext context = (StandardContext) getContainer();
  +        String sessionId = hreq.getRequestedSessionId();
  +        if (sessionId != null) {
  +            Manager manager = context.getManager();
  +            if (manager != null) {
  +                Session session = manager.findSession(sessionId);
  +                if ((session != null) && session.isValid())
  +                    session.access();
  +            }
  +        }
  +
  +	// Select the Wrapper to be used for this Request
   	Wrapper wrapper = (Wrapper) context.map(request, true);
   	if (wrapper == null) {
               notFound(requestURI, (HttpServletResponse) response.getResponse());
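Review bot: The new `manager.findSession(sessionId)` call runs on every request with an id taken directly from the client, and nothing here handles a failure of that lookup. The PersistentManager hunk in this commit shows `findSession` ending in `swapIn(id)`, so with that manager a store error would presumably propagate out of this valve and fail the request before a Wrapper is selected; a request carrying an unknown id would also cause a store lookup. Catching the exception around the access-time update and continuing keeps a storage problem from turning into failed requests, and the logged message should not include the session id. The catch type below assumes `findSession` declares `IOException`, and the enclosing method begins and ends outside the hunk.

```java
        String sessionId = hreq.getRequestedSessionId();
        if (sessionId != null) {
            Manager manager = context.getManager();
            if (manager != null) {
                try {
                    Session session = manager.findSession(sessionId);
                    if ((session != null) && session.isValid())
                        session.access();
                } catch (IOException e) {
                    // Report through the valve's existing logging, without the
                    // session id, and fall through to Wrapper selection.
                }
            }
        }
        // … unchanged: Wrapper selection …
```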
  
  
  
  1.5       +4 -6      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java
  
  Index: ManagerBase.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ManagerBase.java	2001/02/03 20:36:20	1.4
  +++ ManagerBase.java	2001/03/14 02:17:22	1.5
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
1.4 2001/02/03 20:36:20 remm Exp $
  - * $Revision: 1.4 $
  - * $Date: 2001/02/03 20:36:20 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
1.5 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.5 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -86,7 +86,7 @@
    * be subclassed to create more sophisticated Manager implementations.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.4 $ $Date: 2001/02/03 20:36:20 $
  + * @version $Revision: 1.5 $ $Date: 2001/03/14 02:17:22 $
    */
   
   public abstract class ManagerBase implements Manager {
  @@ -547,8 +547,6 @@
   	    return (null);
   	synchronized (sessions) {
   	    Session session = (Session) sessions.get(id);
  -	    if (session != null)
  -		session.access();
   	    return (session);
   	}
   
  
  
  
  1.2       +4 -6      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java
  
  Index: PersistentManager.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PersistentManager.java	2001/02/03 20:36:21	1.1
  +++ PersistentManager.java	2001/03/14 02:17:22	1.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
1.1 2001/02/03 20:36:21 remm Exp $
  - * $Revision: 1.1 $
  - * $Date: 2001/02/03 20:36:21 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
1.2 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.2 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -106,7 +106,7 @@
    * <li>Limit the number of active sessions kept in memory by
    *     swapping less active sessions out to disk.</li>
    *
  - * @version $Revision: 1.1 $
  + * @version $Revision: 1.2 $
    * @author Kief Morris (kief@kief.com)
    */
   
  @@ -464,8 +464,6 @@
   		maxIdleBackup >= 0)
   	    session = swapIn(id);
   
  -	if (session != null)
  -	    session.access();
   	return (session);
   
       }
  
  
  
  1.14      +5 -5      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java
  
  Index: StandardSession.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- StandardSession.java	2001/02/06 17:12:26	1.13
  +++ StandardSession.java	2001/03/14 02:17:22	1.14
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
1.13 2001/02/06 17:12:26 craigmcc Exp $
  - * $Revision: 1.13 $
  - * $Date: 2001/02/06 17:12:26 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
1.14 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.14 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -110,7 +110,7 @@
    * @author Craig R. McClanahan
    * @author Sean Legassick
    * @author <a href="mailto:jon@latchkey.com">Jon S. Stevens</a>
  - * @version $Revision: 1.13 $ $Date: 2001/02/06 17:12:26 $
  + * @version $Revision: 1.14 $ $Date: 2001/03/14 02:17:22 $
    */
   
   class StandardSession
  @@ -481,7 +481,7 @@
        */
       public void access() {
   
  -	this.isNew = false;
  +        this.isNew = false;
   	this.lastAccessedTime = this.thisAccessedTime;
   	this.thisAccessedTime = System.currentTimeMillis();
   
  
  
  
