tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Ellis <ellis...@yahoo.com>
Subject Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java
Date Wed, 16 May 2001 13:50:45 GMT

--- craigmcc@apache.org wrote:
> craigmcc    01/05/15 18:43:56
> 
>   Modified:   
> catalina/src/share/org/apache/catalina/authenticator
>                         AuthenticatorBase.java
>   Log:
>   Revert the previous change, back to what was 1.13.
>   
>   Revision  Changes    Path
>   1.15      +97 -31   
>
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
>   
>   Index: AuthenticatorBase.java
>  
>
===================================================================
>   RCS file:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
>   retrieving revision 1.14
>   retrieving revision 1.15
>   diff -u -r1.14 -r1.15
>   --- AuthenticatorBase.java	2001/05/16 01:40:00
> 1.14
>   +++ AuthenticatorBase.java	2001/05/16 01:43:54
> 1.15
>   @@ -1,7 +1,7 @@
>    /*
>   - * $Header:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
> 1.14 2001/05/16 01:40:00 craigmcc Exp $
>   - * $Revision: 1.14 $
>   - * $Date: 2001/05/16 01:40:00 $
>   + * $Header:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
> 1.15 2001/05/16 01:43:54 craigmcc Exp $
>   + * $Revision: 1.15 $
>   + * $Date: 2001/05/16 01:43:54 $
>     *
>     *
>
====================================================================
>     *
>   @@ -66,6 +66,8 @@
>    
>    
>    import java.io.IOException;
>   +import java.net.MalformedURLException;
>   +import java.net.URL;
>    import java.security.MessageDigest;
>    import java.security.NoSuchAlgorithmException;
>    import java.security.Principal;
>   @@ -119,7 +121,7 @@
>     * requests.  Requests of any other type will
> simply be passed through.
>     *
>     * @author Craig R. McClanahan
>   - * @version $Revision: 1.14 $ $Date: 2001/05/16
> 01:40:00 $
>   + * @version $Revision: 1.15 $ $Date: 2001/05/16
> 01:43:54 $
>     */
>    
>    
>   @@ -474,32 +476,41 @@
>    	    log(" Subject to constraint " + constraint);
>    
>    	// Enforce any user data constraint for this
> security constraint
>   +        if (debug >= 1)
>   +            log(" Calling checkUserData()");
>    	if (!checkUserData(hrequest, hresponse,
> constraint)) {
>    	    if (debug >= 1)
>    	        log(" Failed checkUserData() test");
>   -            ((HttpServletResponse)
> hresponse.getResponse()).sendError
>   -               
> (HttpServletResponse.SC_FORBIDDEN,
>   -                 ((HttpServletRequest)
> hrequest.getRequest()).getRequestURI());
>   -	    return;
>   -	}
>   -
>   -	// Authenticate based upon the specified login
> configuration
>   -	if (!authenticate(hrequest, hresponse, config))
> {
>   -	    if (debug >= 1)
>   -	        log(" Failed authenticate() test");
>                // ASSERT: Authenticator already set
> the appropriate
>                // HTTP status code, so we do not
> have to do anything special
>    	    return;
>    	}
>    
>   +	// Authenticate based upon the specified login
> configuration
>   +        if (constraint.getAuthConstraint()) {
>   +            if (debug >= 1)
>   +                log(" Calling authenticate()");
>   +            if (!authenticate(hrequest,
> hresponse, config)) {
>   +                if (debug >= 1)
>   +                    log(" Failed authenticate()
> test");
>   +                // ASSERT: Authenticator already
> set the appropriate
>   +                // HTTP status code, so we do not
> have to do anything special
>   +                return;
>   +            }
>   +        }
>   +
>    	// Perform access control based on the specified
> role(s)
>   -	if (!accessControl(hrequest, hresponse,
> constraint)) {
>   -	    if (debug >= 1)
>   -	        log(" Failed accessControl() test");
>   -            // ASSERT: Access control method has
> already set the appropriate
>   -            // HTTP status code, so we do not
> have to do anything special
>   -	    return;
>   -	}
>   +        if (constraint.getAuthConstraint()) {
>   +            if (debug >= 1)
>   +                log(" Calling accessControl()");
>   +            if (!accessControl(hrequest,
> hresponse, constraint)) {
>   +                if (debug >= 1)
>   +                    log(" Failed accessControl()
> test");
>   +                // ASSERT: AccessControl method
> has already set the appropriate
>   +                // HTTP status code, so we do not
> have to do anything special
>   +                return;
>   +            }
>   +        }
>    
>    	// Any and all specified constraints have been
> satisfied
>    	if (debug >= 1)
>   @@ -634,22 +645,77 @@
>    	throws IOException {
>    
>    	// Is there a relevant user data constraint?
>   -	if (constraint == null)
>   +	if (constraint == null) {
>   +            if (debug >= 2)
>   +		log("  No applicable security constraint
> defined");
>    	    return (true);
>   +        }
>    	String userConstraint =
> constraint.getUserConstraint();
>   -	if (userConstraint == null)
>   +	if (userConstraint == null) {
>   +            if (debug >= 2)
>   +		log("  No applicable user data constraint
> defined");
>    	    return (true);
>   -	if
> (userConstraint.equals(Constants.NONE_TRANSPORT))
>   +        }
>   +	if
> (userConstraint.equals(Constants.NONE_TRANSPORT)) {
>   +            if (debug >= 2)
>   +                log("  User data constraint has
> no restrictions");
>    	    return (true);
>   +        }
>    
>    	// Validate the request against the user data
> constraint
>   -	if (!request.getRequest().isSecure()) {
>   -	    ((HttpServletResponse)
> response.getResponse()).sendError
>   -		(HttpServletResponse.SC_BAD_REQUEST,
>   -		
> sm.getString("authenticator.userDataConstraint"));
>   -	    return (false);
>   -	}
>   -	return (true);
>   +	if (request.getRequest().isSecure()) {
>   +            if (debug >= 2)
>   +                log("  User data constraint
> already satisfied");
>   +            return (true);
>   +        }
>   +
>   +        // Initialize variables we need to
> determine the appropriate action
>   +        HttpServletRequest hrequest =
>   +            (HttpServletRequest)
> request.getRequest();
>   +        HttpServletResponse hresponse =
>   +            (HttpServletResponse)
> response.getResponse();
>   +        int redirectPort =
> request.getConnector().getRedirectPort();
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

Mime
View raw message