Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 93109 invoked by uid 500); 10 May 2001 23:53:57 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 93095 invoked by uid 500); 10 May 2001 23:53:56 -0000 Delivered-To: apmail-jakarta-tomcat-4.0-cvs@apache.org Date: 10 May 2001 23:53:55 -0000 Message-ID: <20010510235355.93084.qmail@apache.org> From: craigmcc@apache.org To: jakarta-tomcat-4.0-cvs@apache.org Subject: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy SecurityConstraint.java craigmcc 01/05/10 16:53:55 Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java catalina/src/share/org/apache/catalina/deploy SecurityConstraint.java Log: Update access control logic to correctly process authentication constraints with a "*" element, which means that all roles are allowed. Submitted by: Tony Ng Revision Changes Path 1.13 +11 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Index: AuthenticatorBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- AuthenticatorBase.java 2001/05/10 19:47:09 1.12 +++ AuthenticatorBase.java 2001/05/10 23:53:53 1.13 
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.12 2001/05/10 19:47:09 craigmcc Exp $ - * $Revision: 1.12 $ - * $Date: 2001/05/10 19:47:09 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.13 2001/05/10 23:53:53 craigmcc Exp $ + * $Revision: 1.13 $ + * $Date: 2001/05/10 23:53:53 $ * * ==================================================================== * @@ -95,6 +95,7 @@ import org.apache.catalina.Session; import org.apache.catalina.Valve; import org.apache.catalina.ValveContext; +import org.apache.catalina.core.StandardContext; import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.util.LifecycleSupport; @@ -120,7 +121,7 @@ * requests. Requests of any other type will simply be passed through. * * @author Craig R. McClanahan - * @version $Revision: 1.12 $ $Date: 2001/05/10 19:47:09 $ + * @version $Revision: 1.13 $ $Date: 2001/05/10 23:53:53 $ */ @@ -570,6 +571,8 @@ Principal principal = ((HttpServletRequest) request.getRequest()).getUserPrincipal(); if (principal == null) { + if (debug >= 2) + log(" No user authenticated, cannot grant access"); ((HttpServletResponse) response.getResponse()).sendError (HttpServletResponse.SC_INTERNAL_SERVER_ERROR, sm.getString("authenticator.notAuthenticated")); @@ -582,7 +585,8 @@ if (roles == null) roles = new String[0]; if (roles.length == 0) { - if (constraint.getAuthConstraint()) { + if (constraint.getAuthConstraint() && + !constraint.getAllRoles()) { ((HttpServletResponse) response.getResponse()).sendError (HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.forbidden")); 
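Review bot: In the AuthenticatorBase.java hunk at `@@ -582,7 +585,8 @@`, the added `!constraint.getAllRoles()` term lets a request with an empty role list past the 403, and nothing at the decision point says why. I would put a comment above the condition: `// "*" in auth-constraint: any authenticated principal is allowed, so an empty role list is not a denial here`. The `principal == null` check in the previous hunk appears to run earlier in the same method, which would limit this path to authenticated users. The method starts and ends outside both hunks, so that ordering should be confirmed. The 403 branch also has no `debug >= 2` log like the one added for the unauthenticated case, so role-based denials are harder to trace.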
@@ -1014,6 +1018,8 @@ throw new LifecycleException (sm.getString("authenticator.alreadyStarted")); lifecycle.fireLifecycleEvent(START_EVENT, null); + if (context instanceof StandardContext) + setDebug(((StandardContext) context).getDebug()); started = true; // Look up the SingleSignOn implementation in our request processing 1.4 +8 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java Index: SecurityConstraint.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- SecurityConstraint.java 2000/10/29 00:35:05 1.3 +++ SecurityConstraint.java 2001/05/10 23:53:54 1.4 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v 1.3 2000/10/29 00:35:05 craigmcc Exp $ - * $Revision: 1.3 $ - * $Date: 2000/10/29 00:35:05 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/deploy/SecurityConstraint.java,v 1.4 2001/05/10 23:53:54 craigmcc Exp $ + * $Revision: 1.4 $ + * $Date: 2001/05/10 23:53:54 $ * * ==================================================================== * @@ -77,7 +77,7 @@ * this class is synchronized. * * @author Craig R. McClanahan - * @version $Revision: 1.3 $ $Date: 2000/10/29 00:35:05 $ + * @version $Revision: 1.4 $ $Date: 2001/05/10 23:53:54 $ */ public final class SecurityConstraint { @@ -234,14 +234,16 @@ if (authRole == null) return; + if ("*".equals(authRole)) { + allRoles = true; + return; + } String results[] = new String[authRoles.length + 1]; for (int i = 0; i < authRoles.length; i++) results[i] = authRoles[i]; results[authRoles.length] = authRole; authRoles = results; authConstraint = true; - if ("*".equals(authRole)) - allRoles = true; }
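Review bot: In the AuthenticatorBase.java hunk at `@@ -1014,6 +1018,8 @@`, the added `setDebug(((StandardContext) context).getDebug())` unconditionally replaces whatever debug level the authenticator already had, so it can lower the level as well as raise it. If the authenticator can be given its own debug setting (not visible here), copying only a higher value would keep an explicit setting intact: `int contextDebug = ((StandardContext) context).getDebug(); if (contextDebug > debug) setDebug(contextDebug);`. The level now controls how much authentication detail reaches the log, so a one-line comment saying it is inherited from the context would help whoever reads those logs. The enclosing method begins and ends outside the hunk.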
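Review bot: In the SecurityConstraint.java hunk at `@@ -234,14 +234,16 @@`, the new early return for `"*"` sets `allRoles` but skips the `authConstraint = true` assignment that the old code reached for every non-null role. Nothing in this diff sets that flag elsewhere, so unless other code does, a constraint whose only role is `*` would report `getAuthConstraint()` as false. Such a constraint could then be treated as carrying no authentication requirement at all. I would set both flags before returning: `allRoles = true; authConstraint = true; return;`. The method's signature and the rest of its body are outside the hunk, so this should be confirmed against the callers of `getAuthConstraint()`.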