Author: markt
Date: Tue Aug 7 21:30:49 2012
New Revision: 1370540
URL: http://svn.apache.org/viewvc?rev=1370540&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53584
Ignore path parameters when comparing URIs for FORM authentication. This
prevents users from being prompted twice for their password at login when
session IDs are encoded as path parameters.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1370537
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1370540&r1=1370539&r2=1370540&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Tue Aug 7 21:30:49 2012
@@ -498,7 +498,7 @@ public class FormAuthenticator
}
// Does the request URI match?
- String requestURI = request.getRequestURI();
+ String requestURI = request.getDecodedRequestURI();
if (requestURI == null) {
return (false);
}
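Review bot: The comment `// Does the request URI match?` no longer says which form of the URI is compared, so a later cleanup could easily switch the call back to `getRequestURI()` and reintroduce the double prompt. Suggest replacing it with `// Compare the decoded URI (path parameters such as ;jsessionid removed) so URL-rewritten session IDs do not cause a mismatch`. The comparison against the saved URI lies outside this hunk, so confirm that every saved value it can meet was stored in the same decoded form, including requests saved in sessions that were created before this change.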
@@ -658,7 +658,7 @@ public class FormAuthenticator
saved.setMethod(request.getMethod());
saved.setQueryString(request.getQueryString());
- saved.setRequestURI(request.getRequestURI());
+ saved.setRequestURI(request.getDecodedRequestURI());
// Stash the SavedRequest in our session for later use
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
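Review bot: `saved.setRequestURI(request.getDecodedRequestURI())` stores a percent-decoded URI in the SavedRequest, which is a problem if that value is used for anything beyond the match in the first hunk. If it also builds the post-login redirect or restores the original request (neither is visible here), a path that contained encoded characters such as `%20`, `%3F` or `%25` would be replayed in a different form from what the client sent. It would be safer to keep `saved.setRequestURI(request.getRequestURI());` for replay and hold the decoded form in a separate SavedRequest field that only the URI comparison reads. The enclosing method starts and ends outside this hunk.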
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1370540&r1=1370539&r2=1370540&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Aug 7 21:30:49 2012
@@ -89,6 +89,12 @@
<bug>53535</bug>: Reduce memory footprint when performing class
scanning
on Context start. Patch provided by Cedomir Igaly. (markt)
</fix>
+ <fix>
+ <bug>53584</bug>: Ignore path parameters when comparing URIs for FORM
+ authentication. This prevents users being prompted twice for passwords
+ when logging in when session IDs are being encoded as path parameters.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">