markt 2005/02/27 10:27:09 Modified: catalina/src/share/org/apache/catalina/authenticator FormAuthenticator.java Log: Fix bug 27128. Request parameters now restored after form authentication if cache=false - Ported fix from TC5 Set the notes even when caching. This is harmless from a performance standpoint, but since the principal might not be serializable it would cause issues with SSO and clustering. - Ported from TC5 Revision Changes Path 1.25 +16 -10 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
Index: FormAuthenticator.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- FormAuthenticator.java 7 Jan 2005 09:24:19 -0000 1.24
+++ FormAuthenticator.java 27 Feb 2005 18:27:09 -0000 1.25
@@ -164,10 +164,12 @@
 context.getRealm().authenticate(username, password);
 if (principal != null) {
 session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
- register(request, response, principal,
- Constants.FORM_METHOD,
- username, password);
- return (true);
+ if (!matchRequest(request)) {
+ register(request, response, principal,
+ Constants.FORM_METHOD,
+ username, password);
+ return (true);
+ }
 }
 if (debug >= 1)
 log("Reauthentication failed, proceed normally");
@@ -185,6 +187,12 @@
 register(request, response, principal, Constants.FORM_METHOD,
 (String) session.getNote(Constants.SESS_USERNAME_NOTE),
 (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
+ // If we're caching principals we no longer need the username
+ // and password in the session, so remove them
+ if (cache) {
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
 if (restoreRequest(request, session)) {
 if (debug >= 1)
 log("Proceed to restored request");
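Review bot: In the -164/+164 hunk, a reauthentication that succeeds while `matchRequest(request)` is true now falls out of the new `if` and reaches `log("Reauthentication failed, proceed normally")`, so the debug log records a failure for a login that actually succeeded. That makes the authentication trail misleading when someone later reads it to reconstruct a session. Tie the message to the failure case, for example by closing the principal check with `} else if (debug >= 1) {` around the `log(...)` call. The new branch also needs a comment such as `// Request matches the saved one: do not return here, let the code below handle it`. The code that handles the fall-through lies outside this hunk, so the exact wording should be checked against it.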
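Review bot: In the -185/+187 hunk the stored credentials are cleared only on this path and only when `cache` is true, while the -274/+282 hunk now writes `SESS_USERNAME_NOTE` and `SESS_PASSWORD_NOTE` into the session on every successful login. If the client never follows the redirect back to the saved request, or `cache` is false, the cleartext password appears to stay in the session notes until the session ends. Whether any other path removes them cannot be seen from this hunk. At minimum the retention should be documented next to the removal, e.g. `// With cache=false the username and password remain in the session for reauthentication`, so operators know that session contents hold cleartext credentials in that configuration.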
@@ -274,11 +282,9 @@
 // Save the authenticated Principal in our session
 session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
- // If we are not caching, save the username and password as well
- if (!cache) {
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
- }
+ // Save the username and password as well
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
 // Redirect the user to the original request URI (which will cause
 // the original request to be restored)
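Review bot: The rewritten comment `// Save the username and password as well` drops the reason the cleartext password is placed in the session, which is the security-relevant part of this change now that it happens regardless of `cache`. Judging from the +187 hunk, the values are read back for the `register(...)` call and removed there when `cache` is true. A comment along the lines of `// Save the username and password; register() needs them once the original request is restored, and they are removed there when caching` would record that. The enclosing method starts and ends outside this hunk, so the wording should be confirmed against the full flow.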