tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator BasicAuthenticator.java
Date Thu, 28 Apr 2005 18:54:54 GMT
markt       2005/04/28 11:54:54

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        BasicAuthenticator.java
  Log:
  Fix bug 22617. When used with an EJB container and a realm that supports the concept
   of an unauthenticated user (J2EE.3.4.3) BASIC authentication was always
   authenticating users as the unauthenticated user without giving them a chance to
   supply a username and password.
  Also fixed some static access warnings highlighted by Eclipse.
  
  Revision  Changes    Path
  1.16      +16 -22    jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java
  
  Index: BasicAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- BasicAuthenticator.java	26 Aug 2004 21:27:39 -0000	1.15
  +++ BasicAuthenticator.java	28 Apr 2005 18:54:54 -0000	1.16
  @@ -46,12 +46,6 @@
   
   
       /**
  -     * The Base64 helper object for this class.
  -     */
  -    protected static final Base64 base64Helper = new Base64();
  -
  -
  -    /**
        * Descriptive information about this implementation.
        */
       protected static final String info =
  @@ -66,7 +60,7 @@
        */
       public String getInfo() {
   
  -        return (this.info);
  +        return (info);
   
       }
   
  @@ -125,15 +119,19 @@
           HttpServletResponse hres =
               (HttpServletResponse) response.getResponse();
           String authorization = request.getAuthorization();
  -        String username = parseUsername(authorization);
  -        String password = parsePassword(authorization);
  -        principal = context.getRealm().authenticate(username, password);
  -        if (principal != null) {
  -            register(request, response, principal, Constants.BASIC_METHOD,
  -                     username, password);
  -            return (true);
  -        }
   
  +        // Only authenticate if there is an authorization header
  +        if (authorization != null) {
  +            String username = parseUsername(authorization);
  +            String password = parsePassword(authorization);
  +            principal = context.getRealm().authenticate(username, password);
  +            if (principal != null) {
  +                register(request, response, principal, Constants.BASIC_METHOD,
  +                         username, password);
  +                return (true);
  +            }
  +        }
  +        
           // Send an "unauthorized" response and an appropriate challenge
           String realmName = config.getRealmName();
           if (realmName == null)
  @@ -160,15 +158,13 @@
        */
       protected String parseUsername(String authorization) {
   
  -        if (authorization == null)
  -            return (null);
           if (!authorization.toLowerCase().startsWith("basic "))
               return (null);
           authorization = authorization.substring(6).trim();
   
           // Decode and parse the authorization credentials
           String unencoded =
  -          new String(base64Helper.decode(authorization.getBytes()));
  +          new String(Base64.decode(authorization.getBytes()));
           int colon = unencoded.indexOf(':');
           if (colon < 0)
               return (null);
  @@ -187,15 +183,13 @@
        */
       protected String parsePassword(String authorization) {
   
  -        if (authorization == null)
  -            return (null);
           if (!authorization.startsWith("Basic "))
               return (null);
           authorization = authorization.substring(6).trim();
   
           // Decode and parse the authorization credentials
           String unencoded =
  -          new String(base64Helper.decode(authorization.getBytes()));
  +          new String(Base64.decode(authorization.getBytes()));
           int colon = unencoded.indexOf(':');
           if (colon < 0)
               return (null);
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message