From ma...@apache.org
Subject svn commit: r1763450 - in /tomcat/trunk: java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml
Date Wed, 05 Oct 2016 13:52:58 GMT
Author: markt
Date: Wed Oct  5 13:52:58 2016
New Revision: 1763450

URL: http://svn.apache.org/viewvc?rev=1763450&view=rev
Log:
Ensure that the isMandatory flag is correctly set when using JASPIC authentication.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1763450&r1=1763449&r2=1763450&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Wed Oct  5
13:52:58 2016
@@ -506,23 +506,26 @@ public abstract class AuthenticatorBase
 
         // Since authenticate modifies the response on failure,
         // we have to check for allow-from-all first.
-        if (!authRequired && constraints != null) {
-            authRequired = true;
-            for (int i = 0; i < constraints.length && authRequired; i++) {
+        boolean hasAuthConstraint = false;
+        if (constraints != null) {
+            hasAuthConstraint = true;
+            for (int i = 0; i < constraints.length && hasAuthConstraint; i++)
{
                 if (!constraints[i].getAuthConstraint()) {
-                    authRequired = false;
-                    break;
+                    hasAuthConstraint = false;
                 } else if (!constraints[i].getAllRoles() &&
                         !constraints[i].getAuthenticatedUsers()) {
                     String[] roles = constraints[i].findAuthRoles();
                     if (roles == null || roles.length == 0) {
-                        authRequired = false;
-                        break;
+                        hasAuthConstraint = false;
                     }
                 }
             }
         }
 
+        if (!authRequired && hasAuthConstraint) {
+            authRequired = true;
+        }
+
         if (!authRequired && context.getPreemptiveAuthentication()) {
             authRequired =
                     request.getCoyoteRequest().getMimeHeaders().getValue("authorization")
!= null;
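Review bot: `hasAuthConstraint` stays `true` when `constraints` is non-null but has length zero, because the loop body never runs. That matches what the old code did with `authRequired`, but the value now also feeds the JASPIC mandatory flag, so it is worth confirming the caller never supplies an empty array, or guarding with `if (constraints != null && constraints.length > 0)`. The comment above the block still describes only the allow-from-all check; I would extend it, e.g. `// hasAuthConstraint: every matching constraint requires an authenticated user; also passed to JASPIC as isMandatory`. The enclosing method starts and ends outside the hunk.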
@@ -542,7 +545,7 @@ public abstract class AuthenticatorBase
             }
 
             if (jaspicProvider != null) {
-                jaspicState = getJaspicState(jaspicProvider, request, response);
+                jaspicState = getJaspicState(jaspicProvider, request, response, hasAuthConstraint);
                 if (jaspicState == null) {
                     return;
                 }
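Review bot: The call passes `hasAuthConstraint` rather than `authRequired`, and the reason is not stated at the call site. `authRequired` can also be set by the preemptive-authentication branch shown in the previous hunk, so the two values differ on purpose. A short comment such as `// isMandatory reflects the security constraints only, not preemptive authentication` would stop a later cleanup from replacing it with `authRequired` and marking unprotected resources as mandatory again. The surrounding block starts outside the hunk.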
@@ -601,7 +604,7 @@ public abstract class AuthenticatorBase
             return doAuthenticate(request, httpResponse);
         } else {
             Response response = request.getResponse();
-            JaspicState jaspicState = getJaspicState(jaspicProvider, request, response);
+            JaspicState jaspicState = getJaspicState(jaspicProvider, request, response, true);
             if (jaspicState == null) {
                 return false;
             }
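Review bot: The bare `true` passed as the last argument does not say why authentication is unconditionally mandatory on this path. This looks like the programmatic authenticate path, though the method signature is outside the hunk. If so, a comment such as `// Explicit authenticate() call: authentication is always mandatory` would record the intent and make the difference from the constraint-driven call easier to audit.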
@@ -627,11 +630,11 @@ public abstract class AuthenticatorBase
 
 
     private JaspicState getJaspicState(AuthConfigProvider jaspicProvider, Request request,
-            Response response) throws IOException {
+            Response response, boolean authMandatory) throws IOException {
         JaspicState jaspicState = new JaspicState();
 
         jaspicState.messageInfo =
-                new MessageInfoImpl(request.getRequest(), response.getResponse(), true);
+                new MessageInfoImpl(request.getRequest(), response.getResponse(), authMandatory);
 
         try {
             ServerAuthConfig serverAuthConfig = jaspicProvider.getServerAuthConfig(
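Review bot: Nothing in this commit pins the value that now reaches `MessageInfoImpl`, since the Modified list shows only AuthenticatorBase.java and changelog.xml. A regression test for bug 60196 may exist elsewhere. If not, a stub JASPIC provider that records the mandatory flag for one request to an unconstrained resource and one to a constrained resource would keep the flag from silently reverting to always-true. The new parameter also deserves a line of Javadoc on `getJaspicState`, e.g. `@param authMandatory whether the request matched constraints that require authentication`. The method body continues outside the hunk.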

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1763450&r1=1763449&r2=1763450&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Oct  5 13:52:58 2016
@@ -117,6 +117,10 @@
         where the current class loader is a child of the web application class
         loader. (markt)
       </fix>
+      <fix>
+        <bug>60196</bug>: Ensure that the <code>isMandatory</code>
flag is
+        correctly set when using JASPIC authentication. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


