tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1807211 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/authenticator/BasicAuthenticator.java java/org/apache/catalina/authenticator/LocalStrings.properties webapps/docs/changelog.xml webapps/docs/config/valve.xml
Date Mon, 04 Sep 2017 11:28:06 GMT
Author: markt
Date: Mon Sep  4 11:28:06 2017
New Revision: 1807211

URL: http://svn.apache.org/viewvc?rev=1807211&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61280
Add RFC 7617 support to the BasicAuthenticator

Modified:
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=1807211&r1=1807210&r2=1807211&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java Mon
Sep  4 11:28:06 2017
@@ -5,9 +5,9 @@
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,6 +17,7 @@
 package org.apache.catalina.authenticator;
 
 import java.io.IOException;
+import java.nio.charset.Charset;
 import java.security.Principal;
 
 import javax.servlet.http.HttpServletRequest;
@@ -38,17 +39,14 @@ import org.apache.tomcat.util.codec.bina
  */
 public class BasicAuthenticator extends AuthenticatorBase {
 
-   // ----------------------------------------------------- Instance Variables
-
-
     /**
      * Descriptive information about this implementation.
      */
-    protected static final String info =
-        "org.apache.catalina.authenticator.BasicAuthenticator/1.0";
+    protected static final String info = "org.apache.catalina.authenticator.BasicAuthenticator/1.0";
 
 
-    // ------------------------------------------------------------- Properties
+    private Charset charset = B2CConverter.ISO_8859_1;
+    private String charsetString = null;
 
 
     /**
@@ -56,28 +54,28 @@ public class BasicAuthenticator extends
      */
     @Override
     public String getInfo() {
+        return info;
+    }
 
-        return (info);
 
+    public String getCharset() {
+        return charsetString;
     }
 
 
-    // --------------------------------------------------------- Public Methods
+    public void setCharset(String charsetString) {
+        // Only acceptable options are null, "" or "UTF-8" (case insensitive)
+        if (charsetString == null || charsetString.isEmpty()) {
+            charset = B2CConverter.ISO_8859_1;
+        } else if ("UTF-8".equalsIgnoreCase(charsetString)) {
+            charset = B2CConverter.UTF_8;
+        } else {
+            throw new IllegalArgumentException(sm.getString("basicAuthenticator.invalidCharset"));
+        }
+        this.charsetString = charsetString;
+    }
 
 
-    /**
-     * Authenticate the user making this request, based on the specified
-     * login configuration.  Return <code>true</code> if any specified
-     * constraint has been satisfied, or <code>false</code> if we have
-     * created a response challenge already.
-     *
-     * @param request Request we are processing
-     * @param response Response we are creating
-     * @param config    Login configuration describing how authentication
-     *              should be performed
-     *
-     * @exception IOException if an input/output error occurs
-     */
     @Override
     public boolean authenticate(Request request,
                                 HttpServletResponse response,
@@ -92,21 +90,21 @@ public class BasicAuthenticator extends
         String username = null;
         String password = null;
 
-        MessageBytes authorization = 
+        MessageBytes authorization =
             request.getCoyoteRequest().getMimeHeaders()
             .getValue("authorization");
-        
+
         if (authorization != null) {
             authorization.toBytes();
             ByteChunk authorizationBC = authorization.getByteChunk();
             if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
                 authorizationBC.setOffset(authorizationBC.getOffset() + 6);
-                
+
                 byte[] decoded = Base64.decodeBase64(
                         authorizationBC.getBuffer(),
                         authorizationBC.getOffset(),
                         authorizationBC.getLength());
-                
+
                 // Get username and password
                 int colon = -1;
                 for (int i = 0; i < decoded.length; i++) {
@@ -117,15 +115,12 @@ public class BasicAuthenticator extends
                 }
 
                 if (colon < 0) {
-                    username = new String(decoded, B2CConverter.ISO_8859_1);
+                    username = new String(decoded, charset);
                 } else {
-                    username = new String(
-                            decoded, 0, colon, B2CConverter.ISO_8859_1);
-                    password = new String(
-                            decoded, colon + 1, decoded.length - colon - 1,
-                            B2CConverter.ISO_8859_1);
+                    username = new String(decoded, 0, colon, charset);
+                    password = new String(decoded, colon + 1, decoded.length - colon - 1,
charset);
                 }
-                
+
                 authorizationBC.setOffset(authorizationBC.getOffset() - 6);
             }
 
@@ -136,7 +131,7 @@ public class BasicAuthenticator extends
                 return (true);
             }
         }
-        
+
         StringBuilder value = new StringBuilder(16);
         value.append("Basic realm=\"");
         if (config.getRealmName() == null) {
@@ -144,7 +139,11 @@ public class BasicAuthenticator extends
         } else {
             value.append(config.getRealmName());
         }
-        value.append('\"');        
+        value.append('\"');
+        if (charsetString != null && !charsetString.isEmpty()) {
+            value.append(", charset=");
+            value.append(charsetString);
+        }
         response.setHeader(AUTH_HEADER_NAME, value.toString());
         response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return (false);

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1807211&r1=1807210&r2=1807211&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Mon
Sep  4 11:28:06 2017
@@ -33,6 +33,8 @@ authenticator.unauthorized=Cannot authen
 authenticator.userDataConstraint=This request violates a User Data constraint for this application
 authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance has failed
 
+basicAuthenticator.invalidCharset=The only permitted values are null, the empty string or
UTF-8
+
 digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to
make room for new entries. A replay attack is now possible. To prevent the possibility of
replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this
type will be suppressed for 5 minutes.
 
 formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1807211&r1=1807210&r2=1807211&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Sep  4 11:28:06 2017
@@ -60,6 +60,11 @@
 <section name="Tomcat 7.0.82 (violetagg)">
   <subsection name="Catalina">
     <changelog>
+      <add>
+        <bug>61280</bug>: Add RFC 7617 support to the
+        <code>BasicAuthenticator</code>. Note that the default configuration
+        does not change the existin behaviour. (markt)
+      </add>
       <fix>
         <bug>61452</bug>: Fix a copy paste error that caused an
         <code>UnsupportedEncodingException</code> when using WebDAV. (markt)

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1807211&r1=1807210&r2=1807211&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Mon Sep  4 11:28:06 2017
@@ -1009,6 +1009,19 @@
         used.</p>
       </attribute>
 
+      <attribute name="charset" required="false">
+        <p>Controls if the <code>WWW-Authenticate</code> HTTP header includes
a
+        <code>charset</code> authentication parameter as per RFC 7617. The only
+        permitted options are <code>null</code>, the empty string and
+        <code>UTF-8</code>. If <code>UTF-8</code> is specified then
the
+        <code>charset</code> authentication parameter will be sent with that
+        value and the provided user name and optional password will be converted
+        from bytes to characters using UTF-8. Otherwise, no <code>charset</code>
+        authentication parameter will be sent and the provided user name and
+        optional password will be converted from bytes to characters using
+        ISO-8859-1. The default value is <code>null</code></p>
+      </attribute>
+
       <attribute name="className" required="true">
         <p>Java class name of the implementation to use.  This MUST be set to
         <strong>org.apache.catalina.authenticator.BasicAuthenticator</strong>.</p>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message