tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
Date Thu, 28 Apr 2005 18:55:57 GMT
markt       2005/04/28 11:55:57

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        BasicAuthenticator.java
               webapps/docs changelog.xml
  Log:
  Fix bug 22617. When used with an EJB container and a realm that supports the concept
   of an unauthenticated user (J2EE.3.4.3) BASIC authentication was always
   authenticating users as the unauthenticated user without giving them a chance to
   supply a username and password.
   - Ported from TC4.
  
  Revision  Changes    Path
  1.12      +8 -7      jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java
  
  Index: BasicAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/BasicAuthenticator.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- BasicAuthenticator.java	18 Jan 2005 22:11:57 -0000	1.11
  +++ BasicAuthenticator.java	28 Apr 2005 18:55:57 -0000	1.12
  @@ -176,14 +176,15 @@
                   
                   authorizationBC.setOffset(authorizationBC.getOffset() - 6);
               }
  +
  +            principal = context.getRealm().authenticate(username, password);
  +            if (principal != null) {
  +                register(request, response, principal, Constants.BASIC_METHOD,
  +                         username, password);
  +                return (true);
  +            }
           }
           
  -        principal = context.getRealm().authenticate(username, password);
  -        if (principal != null) {
  -            register(request, response, principal, Constants.BASIC_METHOD,
  -                     username, password);
  -            return (true);
  -        }
   
           // Send an "unauthorized" response and an appropriate challenge
           MessageBytes authenticate = 
  
  
  
  1.294     +6 -0      jakarta-tomcat-catalina/webapps/docs/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
  retrieving revision 1.293
  retrieving revision 1.294
  diff -u -r1.293 -r1.294
  --- changelog.xml	28 Apr 2005 12:32:05 -0000	1.293
  +++ changelog.xml	28 Apr 2005 18:55:57 -0000	1.294
  @@ -115,6 +115,12 @@
           If APR as well as Tomcat's JNI wrapper for APR are present, use APRized protocol
handlers
           instead of the regular ones (remm)
         </update>
  +      <fix>
  +        <bug>22617</bug>: When used with an EJB container and a realm that
supports the concept
  +        of an unauthenticated user (J2EE.3.4.3) BASIC authentication was always authenticating
  +        users as the unauthenticated user without giving them a chance to supply a username
and
  +        password. (markt)
  +      </fix>
       </changelog>
     </subsection>
     
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message