tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6279] - Resubmit to j_security_check mistakenly fetches a page of that name
Date Fri, 01 Nov 2002 15:41:40 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279

Resubmit to j_security_check mistakenly fetches a page of that name





------- Additional Comments From Brian.Ewins@btinternet.com  2002-11-01 15:41 -------
(sigh) Its never that simple is it...

I grabbed the 4.1 code to make the last change I described and submit the patch.
The problem is that of course the internals of Catalina arent real servlet
requests so you can't forward them. 

There is code in FormAuthenticator which does do the equivalent of a forward(),
by copying values into the request and returning true (so that the next handler
is invoked). Trying something like this breaks the contract of authenticate(),
and will cause more problems because the caller of authenticate()
(AuthenticatorBase()) appears to call authenticate() twice. I don't feel
comfortable with how intimate AuthenticatorBase needs to be with how
FormAuthenticator works if I fix this; I'll try to put a working patch together
at the weekend - a fix for this problem would be a good reason for us to upgrade
to 4.1. If anyone has any comments on the suggested fix I'd appreciate them!

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message