Author: markt
Date: Mon Oct 1 09:35:59 2012
New Revision: 1392252
URL: http://svn.apache.org/viewvc?rev=1392252&view=rev
Log:
Remove unneeded handling of FORM authentication in RealmBase
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1392252&r1=1392251&r2=1392252&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Mon Oct 1 09:35:59 2012
@@ -28,12 +28,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK/
PATCHES PROPOSED TO BACKPORT:
[ New proposals should be added at the end of the list ]
-* Remove unneeded handling of FORM authentication in RealmBase
- http://svn.apache.org/viewvc?rev=1377887&view=rev
- (r1377892 in 7.0)
- +1: kkolinko, markt, kfujino
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42181
A. Better handling of edge conditions in chunk header processing (BZ 42181)
B. Improve chunk header parsing. Properly ignore chunk-extension suffix,
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java?rev=1392252&r1=1392251&r2=1392252&view=diff
==============================================================================
---
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
(original)
+++
tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Mon Oct 1 09:35:59 2012
@@ -727,31 +727,6 @@ public abstract class RealmBase
if (constraints == null || constraints.length == 0)
return (true);
- // Specifically allow access to the form login and form error pages
- // and the "j_security_check" action
- LoginConfig config = context.getLoginConfig();
- if ((config != null) &&
- (Constants.FORM_METHOD.equals(config.getAuthMethod()))) {
- String requestURI = request.getRequestPathMB().toString();
- String loginPage = config.getLoginPage();
- if (loginPage.equals(requestURI)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to login page " + loginPage);
- return (true);
- }
- String errorPage = config.getErrorPage();
- if (errorPage.equals(requestURI)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to error page " + errorPage);
- return (true);
- }
- if (requestURI.endsWith(Constants.FORM_ACTION)) {
- if (log.isDebugEnabled())
- log.debug(" Allow access to username/password submission");
- return (true);
- }
- }
-
// Which user principal have we already authenticated?
Principal principal = request.getPrincipal();
boolean status = false;
Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1392252&r1=1392251&r2=1392252&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Mon Oct 1
09:35:59 2012
@@ -68,6 +68,9 @@
session by default, tracking server rather than client nonces and
better
handling of stale nonce values. (markt)
</fix>
+ <scode>
+ Remove unneeded handling of FORM authentication in RealmBase.
(kkolinko)
+ </scode>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
