Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6A2661083D for ; Sat, 8 Feb 2014 19:19:37 +0000 (UTC) Received: (qmail 88705 invoked by uid 500); 8 Feb 2014 19:19:34 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 88649 invoked by uid 500); 8 Feb 2014 19:19:34 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 88639 invoked by uid 99); 8 Feb 2014 19:19:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 08 Feb 2014 19:19:34 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.131] (HELO eos.apache.org) (140.211.11.131) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 08 Feb 2014 19:19:31 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id 8D67EE8C for ; Sat, 8 Feb 2014 19:19:10 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Apache Wiki To: Apache Wiki Date: Sat, 08 Feb 2014 19:19:10 -0000 Message-ID: <20140208191910.23641.25353@eos.apache.org> Subject: =?utf-8?q?=5BTomcat_Wiki=5D_Update_of_=22SSLWithFORMFallback7=22_by_GaryB?= =?utf-8?q?riggs?= Auto-Submitted: auto-generated X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for ch= ange notification. 
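The "SSLWithFORMFallback7" page has been changed by GaryBriggs:
https://wiki.apache.org/tomcat/SSLWithFORMFallback7

Comment:
Adding an SSLWithFORMFallback alternative that works with Tomcat7

New page:
This is another SSLWithFORMFallback class, this time for Tomcat 7. This is heavily reappropriated from the Tomcat 6 version by Vegar Neshaug

Gary

{{{
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.Container;
import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.authenticator.SSLAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.coyote.ActionCode;

/**
 * Authenticator for Tomcat 7 that delegates to the client-certificate (SSL)
 * authenticator when the request carries a certificate and to the FORM
 * authenticator otherwise.
 *
 * <p>Mostly borrowed from: http://wiki.apache.org/tomcat/SSLWithFORMFallback6
 *
 * <p>The delegate is chosen only by whether a certificate chain is present on
 * the request. A request that presents a certificate is decided by the SSL
 * authenticator alone; a certificate that is rejected does not fall through
 * to the login form.
 *
 * @author Vegar Neshaug, minor edits for Tomcat7 by Gary Briggs
 */
public class SSLWithFORMFallback7 extends AuthenticatorBase {

    private static final Logger LOG =
            Logger.getLogger(SSLWithFORMFallback7.class.getName());

    FormAuthenticator formAuthenticator = new FormAuthenticator();
    SSLAuthenticator sslAuthenticator = new SSLAuthenticator();

    /**
     * Authenticates the request, using the certificate path when a client
     * certificate is available and the form path when it is not.
     *
     * @param rqst the request being authenticated
     * @param resp the response the chosen delegate may write to
     * @param lc   the login configuration passed through to the delegate
     * @return {@code true} if a principal is already set on the request, else
     *         whatever the chosen delegate returns
     * @throws IOException if the chosen delegate throws it
     */
    @Override
    public boolean authenticate(Request rqst, javax.servlet.http.HttpServletResponse resp,
            LoginConfig lc) throws IOException {
        // Have we already authenticated someone?
        Principal principal = rqst.getUserPrincipal();
        if (principal != null) {
            // Associate the session with any existing SSO session in order
            // to get coordinated session invalidation at logout
            String ssoId = (String) rqst.getNote(Constants.REQ_SSOID_NOTE);
            if (ssoId != null) {
                associate(ssoId, rqst.getSessionInternal(true));
            }
            return true;
        }

        // Get certificates from the request
        X509Certificate[] certs =
                (X509Certificate[]) rqst.getAttribute(Globals.CERTIFICATES_ATTR);
        if ((certs == null) || (certs.length < 1)) {
            // Attribute not populated yet: ask the connector for the client
            // certificate, then read the attribute again.
            rqst.getCoyoteRequest().action(ActionCode.REQ_SSL_CERTIFICATE, null);
            certs = (X509Certificate[]) rqst.getAttribute(Globals.CERTIFICATES_ATTR);
        }
        // No certificates means the form login is used instead.
        boolean certAuth = (certs != null) && (certs.length >= 1);

        // Delegate authentication request
        boolean retval;
        if (certAuth) {
            retval = sslAuthenticator.authenticate(rqst, resp, lc);
        } else {
            retval = formAuthenticator.authenticate(rqst, resp, lc);
        }

        // Diagnostic only: goes through the logger at FINE instead of being
        // printed to stdout on every authentication attempt.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Retval: {0}, certAuth: {1}",
                    new Object[] {retval, certAuth});
        }
        return retval;
    }

    private String infoStr = null;

    /**
     * Returns this class's name, computed on first call and cached.
     *
     * @return the fully qualified class name of this authenticator
     */
    @Override
    public String getInfo() {
        if (null == infoStr) {
            infoStr = this.getClass().getName();
        }
        return infoStr;
    }

    /**
     * Returns the authentication method reported for this authenticator.
     *
     * @return {@link HttpServletRequest#CLIENT_CERT_AUTH}, always
     */
    @Override
    protected String getAuthMethod() {
        // NOTE(review): CLIENT_CERT is reported even when authenticate() took
        // the form path; HttpServletRequest.FORM_AUTH was the alternative the
        // author left commented out. Confirm how AuthenticatorBase uses this.
        return HttpServletRequest.CLIENT_CERT_AUTH;
    }

    /**
     * Sets the container on this authenticator and on both delegates, then
     * starts the delegates.
     *
     * @param container the container this authenticator is attached to
     */
    @Override
    public void setContainer(Container container) {
        try {
            super.setContainer(container);
            sslAuthenticator.setContainer(container);
            formAuthenticator.setContainer(container);

            /* At time of writing, it appears .setContainer is the only thing
               necessary ahead of time to call .start() */
            formAuthenticator.start();
            sslAuthenticator.start();
        } catch (LifecycleException ex) {
            // NOTE(review): the failure is logged and not rethrown, so this
            // authenticator stays installed even if a delegate did not start.
            // Confirm that is acceptable, or fail the deployment instead.
            LOG.log(Level.SEVERE, "Failed to start delegate authenticators", ex);
        }
    }
}
}}}
---------------------------------------------------------------------
To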
unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org