tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator FormAuthenticator.java
Date Sun, 27 Feb 2005 18:27:09 GMT
markt       2005/02/27 10:27:09

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        FormAuthenticator.java
  Log:
  Fix bug 27128. Request parameters now restored after form authentication if cache=false
   - Ported fix from TC5
  
  Set the notes even when caching. This is harmless from a performance standpoint,
  but since the principal might not be serializable it would cause issues with SSO and
  clustering.
   - Ported from TC5
  
  Revision  Changes    Path
  1.25      +16 -10    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- FormAuthenticator.java	7 Jan 2005 09:24:19 -0000	1.24
  +++ FormAuthenticator.java	27 Feb 2005 18:27:09 -0000	1.25
  @@ -164,10 +164,12 @@
                       context.getRealm().authenticate(username, password);
                   if (principal != null) {
                       session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
  -                    register(request, response, principal,
  -                             Constants.FORM_METHOD,
  -                             username, password);
  -                    return (true);
  +                    if (!matchRequest(request)) {
  +                        register(request, response, principal,
  +                                 Constants.FORM_METHOD,
  +                                 username, password);
  +                        return (true);
  +                    }
                   }
                   if (debug >= 1)
                       log("Reauthentication failed, proceed normally");
  @@ -185,6 +187,12 @@
               register(request, response, principal, Constants.FORM_METHOD,
                        (String) session.getNote(Constants.SESS_USERNAME_NOTE),
                        (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
  +            // If we're caching principals we no longer need the username
  +            // and password in the session, so remove them
  +            if (cache) {
  +                session.removeNote(Constants.SESS_USERNAME_NOTE);
  +                session.removeNote(Constants.SESS_PASSWORD_NOTE);
  +            }
               if (restoreRequest(request, session)) {
                   if (debug >= 1)
                       log("Proceed to restored request");
  @@ -274,11 +282,9 @@
           // Save the authenticated Principal in our session
           session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
   
  -        // If we are not caching, save the username and password as well
  -        if (!cache) {
  -            session.setNote(Constants.SESS_USERNAME_NOTE, username);
  -            session.setNote(Constants.SESS_PASSWORD_NOTE, password);
  -        }
  +        // Save the username and password as well
  +        session.setNote(Constants.SESS_USERNAME_NOTE, username);
  +        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
   
           // Redirect the user to the original request URI (which will cause
           // the original request to be restored)
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message