tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
Date Wed, 11 May 2005 21:39:41 GMT
markt       2005/05/11 14:39:41

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        FormAuthenticator.java SavedRequest.java
               webapps/docs changelog.xml
  Log:
  Include request body in saved request when using FORM authentication.
   - Fixes problem with saved request assuming platform default encoding for POSTed
    parameters.
   - Improves restoration of request by using CoyoteRequest
  
  Revision  Changes    Path
  1.20      +89 -25    jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- FormAuthenticator.java	31 Mar 2005 10:31:54 -0000	1.19
  +++ FormAuthenticator.java	11 May 2005 21:39:41 -0000	1.20
  @@ -19,11 +19,11 @@
   
   
   import java.io.IOException;
  +import java.io.InputStream;
   import java.security.Principal;
   import java.util.Enumeration;
   import java.util.Iterator;
   import java.util.Locale;
  -import java.util.Map;
   
   import javax.servlet.RequestDispatcher;
   import javax.servlet.http.Cookie;
  @@ -36,11 +36,14 @@
   import org.apache.catalina.deploy.LoginConfig;
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
  +import org.apache.coyote.InputBuffer;
  +import org.apache.coyote.http11.InputFilter;
  +import org.apache.coyote.http11.InternalInputBuffer;
  +import org.apache.tomcat.util.buf.ByteChunk;
   import org.apache.tomcat.util.buf.CharChunk;
   import org.apache.tomcat.util.buf.MessageBytes;
   
   
  -
   /**
    * An <b>Authenticator</b> and <b>Valve</b> implementation of FORM
BASED
    * Authentication, as described in the Servlet API Specification, Version 2.2.
  @@ -187,7 +190,8 @@
           if (matchRequest(request)) {
               session = request.getSessionInternal(true);
               if (log.isDebugEnabled())
  -                log.debug("Restore request from session '" + session.getIdInternal() 
  +                log.debug("Restore request from session '"
  +                          + session.getIdInternal() 
                             + "'");
               principal = (Principal)
                   session.getNote(Constants.FORM_PRINCIPAL_NOTE);
  @@ -273,7 +277,8 @@
               session = request.getSessionInternal(false);
           if (session == null) {
               if (containerLog.isDebugEnabled())
  -                containerLog.debug("User took so long to log on the session expired");
  +                containerLog.debug
  +                    ("User took so long to log on the session expired");
               response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                                  sm.getString("authenticator.sessionExpired"));
               return (false);
  @@ -345,7 +350,8 @@
        * @param request The request to be restored
        * @param session The session containing the saved information
        */
  -    protected boolean restoreRequest(Request request, Session session) {
  +    protected boolean restoreRequest(Request request, Session session)
  +        throws IOException {
   
           // Retrieve and remove the SavedRequest object from our session
           SavedRequest saved = (SavedRequest)
  @@ -361,7 +367,8 @@
           while (cookies.hasNext()) {
               request.addCookie((Cookie) cookies.next());
           }
  -        request.clearHeaders();
  +
  +        request.getCoyoteRequest().getMimeHeaders().recycle();
           Iterator names = saved.getHeaderNames();
           while (names.hasNext()) {
               String name = (String) names.next();
  @@ -370,24 +377,39 @@
                   request.addHeader(name, (String) values.next());
               }
           }
  +        
           request.clearLocales();
           Iterator locales = saved.getLocales();
           while (locales.hasNext()) {
               request.addLocale((Locale) locales.next());
           }
  -        request.clearParameters();
  +        
  +        request.getCoyoteRequest().getParameters().recycle();
  +        
           if ("POST".equalsIgnoreCase(saved.getMethod())) {
  -            Iterator paramNames = saved.getParameterNames();
  -            while (paramNames.hasNext()) {
  -                String paramName = (String) paramNames.next();
  -                String paramValues[] =
  -                    saved.getParameterValues(paramName);
  -                request.addParameter(paramName, paramValues);
  -            }
  +            ByteChunk body = saved.getBody();
  +
  +            // Set content length
  +            request.getCoyoteRequest().setContentLength(body.getLength());
  +
  +            // Restore body
  +            InputFilter savedBody = new SavedRequestInputFilter(body);
  +            InternalInputBuffer internalBuffer = (InternalInputBuffer)
  +                request.getCoyoteRequest().getInputBuffer();
  +            internalBuffer.addActiveFilter(savedBody);
  +
  +            // Set content type
  +            MessageBytes contentType = MessageBytes.newInstance();
  +            contentType.setString("application/x-www-form-urlencoded");
  +            request.getCoyoteRequest().setContentType(contentType);
           }
  -        request.setMethod(saved.getMethod());
  -        request.setQueryString(saved.getQueryString());
  -        request.setRequestURI(saved.getRequestURI());
  +        request.getCoyoteRequest().method().setString(saved.getMethod());
  +
  +        request.getCoyoteRequest().queryString().setString
  +            (saved.getQueryString());
  +
  +        request.getCoyoteRequest().requestURI().setString
  +            (saved.getRequestURI());
           return (true);
   
       }
  @@ -398,8 +420,10 @@
        *
        * @param request The request to be saved
        * @param session The session to contain the saved information
  +     * @throws IOException
        */
  -    private void saveRequest(Request request, Session session) {
  +    private void saveRequest(Request request, Session session)
  +        throws IOException {
   
           // Create and populate a SavedRequest object for this request
           SavedRequest saved = new SavedRequest();
  @@ -422,13 +446,22 @@
               Locale locale = (Locale) locales.nextElement();
               saved.addLocale(locale);
           }
  -        Map parameters = request.getParameterMap();
  -        Iterator paramNames = parameters.keySet().iterator();
  -        while (paramNames.hasNext()) {
  -            String paramName = (String) paramNames.next();
  -            String paramValues[] = (String[]) parameters.get(paramName);
  -            saved.addParameter(paramName, paramValues);
  +
  +        if ("POST".equalsIgnoreCase(request.getMethod())) {
  +            // Note that the size of the request body is limited by:
  +            // request.getConnector().getMaxPostSize()
  +
  +            byte[] buffer = new byte[4096];
  +            int bytesRead;
  +            InputStream is = request.getInputStream();
  +            ByteChunk body = new ByteChunk();
  +            
  +            while ( (bytesRead = is.read(buffer) ) >= 0) {
  +                body.append(buffer, 0, bytesRead);
  +            }
  +            saved.setBody(body);
           }
  +
           saved.setMethod(request.getMethod());
           saved.setQueryString(request.getQueryString());
           saved.setRequestURI(request.getRequestURI());
  @@ -460,5 +493,36 @@
   
       }
   
  +    protected class SavedRequestInputFilter implements InputFilter {
  +
  +        protected ByteChunk input = null;
  +
  +        public SavedRequestInputFilter(ByteChunk input) {
  +            this.input = input;
  +        }
  +
  +        public int doRead(ByteChunk chunk, org.apache.coyote.Request request)
  +        throws IOException {
  +            return input.substract(chunk);
  +        }
  +
  +		public void setRequest(org.apache.coyote.Request request) {
  +		}
  +
  +		public void recycle() {
  +            input = null;
  +		}
  +
  +		public ByteChunk getEncodingName() {
  +			return null;
  +		}
  +
  +		public void setBuffer(InputBuffer buffer) {
  +		}
  +
  +		public long end() throws IOException {
  +			return 0;
  +		}
  +    }
   
   }
  
  
  
  1.4       +15 -6     jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SavedRequest.java
  
  Index: SavedRequest.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SavedRequest.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- SavedRequest.java	27 Feb 2004 14:58:41 -0000	1.3
  +++ SavedRequest.java	11 May 2005 21:39:41 -0000	1.4
  @@ -25,6 +25,8 @@
   
   import javax.servlet.http.Cookie;
   
  +import org.apache.tomcat.util.buf.ByteChunk;
  +
   
   /**
    * Object that saves the critical information from a request so that
  @@ -34,11 +36,6 @@
    * <b>IMPLEMENTATION NOTE</b> - It is assumed that this object is accessed
    * only from the context of a single thread, so no synchronization around
    * internal collection classes is performed.
  - * <p>
  - * <b>FIXME</b> - Currently, this object has no mechanism to save or
  - * restore the data content of the request, although it does save
  - * request parameters so that a POST transaction can be faithfully
  - * duplicated.
    *
    * @author Craig R. McClanahan
    * @version $Revision$ $Date$
  @@ -167,5 +164,17 @@
           this.requestURI = requestURI;
       }
   
  +    
  +    /**
  +     * The body of this request.
  +     */
  +    private ByteChunk body = null;
  +    
  +    public ByteChunk getBody() {
  +        return (this.body);
  +    }
   
  +    public void setBody(ByteChunk body) {
  +        this.body = body;
  +    }
   }
  
  
  
  1.307     +5 -0      jakarta-tomcat-catalina/webapps/docs/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
  retrieving revision 1.306
  retrieving revision 1.307
  diff -u -r1.306 -r1.307
  --- changelog.xml	11 May 2005 21:22:14 -0000	1.306
  +++ changelog.xml	11 May 2005 21:39:41 -0000	1.307
  @@ -148,6 +148,11 @@
         <fix>
           Fix NPE when POST size exceeds limit defined by maxPostSize. (markt)
         </fix>
  +      <fix>
  +        Fix FORM authentication so POSTed parameters are not assumed to be encoded with
platform
  +        default encoding. A side effect of this fix is that the bodies of POST requests
that
  +        require FORM authentication are now buffered and made available after a sucessful
login. (markt)
  +      </fix>
       </changelog>
     </subsection>
     
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message