markt 2005/02/27 10:27:09
Modified: catalina/src/share/org/apache/catalina/authenticator
FormAuthenticator.java
Log:
Fix bug 27128. Request parameters now restored after form authentication if
cache=false
- Ported fix from TC5
Set the notes even when caching. This is harmless from a performance
standpoint,
but since the principal might not be serializable it would cause issues with
SSO and
clustering.
- Ported from TC5
Revision Changes Path
1.25 +16 -10
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- FormAuthenticator.java 7 Jan 2005 09:24:19 -0000 1.24
+++ FormAuthenticator.java 27 Feb 2005 18:27:09 -0000 1.25
@@ -164,10 +164,12 @@
context.getRealm().authenticate(username, password);
if (principal != null) {
session.setNote(Constants.FORM_PRINCIPAL_NOTE,
principal);
- register(request, response, principal,
- Constants.FORM_METHOD,
- username, password);
- return (true);
+ if (!matchRequest(request)) {
+ register(request, response, principal,
+ Constants.FORM_METHOD,
+ username, password);
+ return (true);
+ }
}
if (debug >= 1)
log("Reauthentication failed, proceed normally");
@@ -185,6 +187,12 @@
register(request, response, principal, Constants.FORM_METHOD,
(String) session.getNote(Constants.SESS_USERNAME_NOTE),
(String) session.getNote(Constants.SESS_PASSWORD_NOTE));
+ // If we're caching principals we no longer need the username
+ // and password in the session, so remove them
+ if (cache) {
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
if (restoreRequest(request, session)) {
if (debug >= 1)
log("Proceed to restored request");
@@ -274,11 +282,9 @@
// Save the authenticated Principal in our session
session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
- // If we are not caching, save the username and password as well
- if (!cache) {
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- }
+ // Save the username and password as well
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
