Author: markt
Date: Wed Mar 18 21:38:31 2015
New Revision: 1667625
URL: http://svn.apache.org/r1667625
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57708
Implement a new feature for AJP connectors - Tomcat Authorization
If configured (it is disabled by default) Tomcat will take an authenticated
user name from the AJP protocol and use the appropriate Realm for the request
to authorize (i.e. add roles) to that user.
Based on a patch by Graham Leggett.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/Realm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/CombinedRealm.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/Request.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpNioProtocol.java
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/ajp.xml
tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
tomcat/tc7.0.x/trunk/webapps/docs/windows-auth-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/Realm.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/Realm.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/Realm.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/Realm.java Wed Mar 18
21:38:31 2015
@@ -76,6 +76,15 @@ public interface Realm {
/**
+ * Return the Principal associated with the specified username, if there
+ * is one; otherwise return <code>null</code>.
+ *
+ * @param username Username of the Principal to look up
+ */
+ public Principal authenticate(String username);
+
+
+ /**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
*
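Review bot: The new `authenticate(String username)` in the Realm interface takes no credentials, yet its name and Javadoc read like the credential-checking overload documented directly below it. The Javadoc should state that this method only looks the user up and that the caller must already have established the identity by other means. Because this adds a method to a public interface on the 7.0.x branch, any Realm that implements the interface directly instead of extending RealmBase has to add it, which is worth a line in the changelog.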
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Wed Mar 18 21:38:31 2015
@@ -45,6 +45,7 @@ import org.apache.catalina.connector.Req
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.DateTool;
import org.apache.catalina.util.SessionIdGeneratorBase;
import org.apache.catalina.util.StandardSessionIdGenerator;
@@ -710,20 +711,22 @@ public abstract class AuthenticatorBase
* authenticate the user without requiring further user interaction.
*
* @param request The current request
+ * @param response The current response
* @param useSSO Should information available from SSO be used to attempt
* to authenticate the current user?
*
* @return <code>true</code> if the user was authenticated via the cache,
* otherwise <code>false</code>
*/
- protected boolean checkForCachedAuthentication(Request request, boolean
useSSO) {
+ protected boolean checkForCachedAuthentication(Request request,
+ HttpServletResponse response, boolean useSSO) {
// Has the user already been authenticated?
Principal principal = request.getUserPrincipal();
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
if (principal != null) {
if (log.isDebugEnabled()) {
- log.debug("Already authenticated '" + principal.getName() +
"'");
+ log.debug(sm.getString("authenticator.check.found",
principal.getName()));
}
// Associate the session with any existing SSO session. Even if
// useSSO is false, this will ensure coordinated session
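Review bot: The signature of the protected `checkForCachedAuthentication` is changed in place, so a third-party authenticator that extends AuthenticatorBase and calls the two-argument form stops compiling against this release. Consider keeping the `(Request, boolean)` form as a deprecated overload for the 7.0.x line, or call the change out explicitly in the changelog.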
@@ -737,8 +740,7 @@ public abstract class AuthenticatorBase
// Is there an SSO session against which we can try to reauthenticate?
if (useSSO && ssoId != null) {
if (log.isDebugEnabled()) {
- log.debug("SSO Id " + ssoId + " set; attempting " +
- "reauthentication");
+ log.debug(sm.getString("authenticator.check.sso", ssoId));
}
/* Try to reauthenticate using data cached by SSO. If this fails,
either the original SSO logon was of DIGEST or SSL (which
@@ -751,6 +753,31 @@ public abstract class AuthenticatorBase
}
}
+ // Has the Connector provided a pre-authenticated Principal that now
+ // needs to be authorized?
+ if (request.getCoyoteRequest().getRemoteUserNeedsAuthorization()) {
+ String username =
request.getCoyoteRequest().getRemoteUser().toString();
+ if (username != null) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("authenticator.check.authorize",
username));
+ }
+ Principal authorized =
context.getRealm().authenticate(username);
+ if (authorized == null) {
+ // Realm doesn't recognise user. Create a user with no
roles
+ // from the authenticated user name
+ if (log.isDebugEnabled()) {
+
log.debug(sm.getString("authenticator.check.authorizeFail", username));
+ }
+ authorized = new GenericPrincipal(username, null, null);
+ }
+ String authType = request.getAuthType();
+ if (authType == null || authType.length() == 0) {
+ authType = getAuthMethod();
+ }
+ register(request, response, authorized, authType, username,
null);
+ return true;
+ }
+ }
return false;
}
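Review bot: In the `authorized == null` branch a user name the Realm does not recognise is still passed to `register(...)` as an authenticated user, with a role-less GenericPrincipal, and the only record is the `authenticator.check.authorizeFail` message at debug level. A mismatch between the front end's user store and the Realm is something an operator would want to see without enabling debug logging, so consider logging it at a higher level and describing the fallback in the connector documentation. The `username != null` test also comes after `getRemoteUser().toString()` has already been called, so it only guards against `toString()` returning null; a short comment saying that is the intent would help.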
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/BasicAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -93,7 +93,7 @@ public class BasicAuthenticator
LoginConfig config)
throws IOException {
- if (checkForCachedAuthentication(request, true)) {
+ if (checkForCachedAuthentication(request, response, true)) {
return true;
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -260,7 +260,7 @@ public class DigestAuthenticator extends
// Change to true below to allow previous FORM or BASIC authentications
// to authenticate users for this webapp
// TODO make this a configurable attribute (in SingleSignOn??)
- if (checkForCachedAuthentication(request, false)) {
+ if (checkForCachedAuthentication(request, response, false)) {
return true;
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -149,7 +149,7 @@ public class FormAuthenticator
LoginConfig config)
throws IOException {
- if (checkForCachedAuthentication(request, true)) {
+ if (checkForCachedAuthentication(request, response, true)) {
return (true);
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
Wed Mar 18 21:38:31 2015
@@ -15,6 +15,10 @@
authenticator.certificates=No client certificate chain in this request
authenticator.forbidden=Access to the requested resource has been denied
+authenticator.check.authorize=Authorizing connector provided user [{0}] via
Tomcat Realm
+authenticator.check.authorizeFail=Realm did not recognise user [{0}]. Creating
a Principal with that name and no roles.
+authenticator.check.found=Already authenticated [{0}]
+authenticator.check.sso=Not authenticated but SSO session ID [{0}] found.
Attempting re-authentication.
authenticator.formlogin=Invalid direct reference to form login page
authenticator.invalid=Invalid client certificate chain in this request
authenticator.loginFail=Login failed
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -115,7 +115,7 @@ public final class NonLoginAuthenticator
// Don't try and use SSO to authenticate since there is no auth
// configured for this web application
- if (checkForCachedAuthentication(request, true)) {
+ if (checkForCachedAuthentication(request, response, true)) {
return true;
}
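Review bot: The context comment above the changed call says not to use SSO to authenticate, but the call passes `true` for `useSSO`. Since this line is being touched anyway, either correct the comment or change the argument so the two agree.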
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SSLAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -92,7 +92,7 @@ public class SSLAuthenticator
// Change to true below to allow previous FORM or BASIC authentications
// to authenticate users for this webapp
// TODO make this a configurable attribute (in SingleSignOn??)
- if (checkForCachedAuthentication(request, false)) {
+ if (checkForCachedAuthentication(request, response, false)) {
return true;
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Wed Mar 18 21:38:31 2015
@@ -136,7 +136,7 @@ public class SpnegoAuthenticator extends
public boolean authenticate(Request request, HttpServletResponse response,
LoginConfig config) throws IOException {
- if (checkForCachedAuthentication(request, true)) {
+ if (checkForCachedAuthentication(request, response, true)) {
return true;
}
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Wed Mar 18 21:38:31 2015
@@ -26,9 +26,11 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.SessionTrackingMode;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Authenticator;
import org.apache.catalina.Context;
import org.apache.catalina.Host;
import org.apache.catalina.Wrapper;
+import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.comet.CometEvent;
import org.apache.catalina.comet.CometEvent.EventType;
import org.apache.catalina.core.AsyncContextImpl;
@@ -851,17 +853,44 @@ public class CoyoteAdapter implements Ad
return false;
}
- doConnectorAuthentication(req, request);
+ doConnectorAuthenticationAuthorization(req, request);
return true;
}
- private void doConnectorAuthentication(org.apache.coyote.Request req,
Request request) {
+ private void
doConnectorAuthenticationAuthorization(org.apache.coyote.Request req, Request
request) {
// Set the remote principal
- String principal = req.getRemoteUser().toString();
- if (principal != null) {
- request.setUserPrincipal(new CoyotePrincipal(principal));
+ String username = req.getRemoteUser().toString();
+ if (username != null) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("coyoteAdapter.authenticate",
username));
+ }
+ if (req.getRemoteUserNeedsAuthorization()) {
+ Authenticator authenticator =
request.getContext().getAuthenticator();
+ if (authenticator == null) {
+ // No security constraints configured for the application
so
+ // no need to authorize the user. Use the CoyotePrincipal
to
+ // provide the authenticated user.
+ request.setUserPrincipal(new CoyotePrincipal(username));
+ } else if (!(authenticator instanceof AuthenticatorBase)) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("coyoteAdapter.authorize",
username));
+ }
+ // Custom authenticator that may not trigger authorization.
+ // Do the authorization here to make sure it is done.
+ request.setUserPrincipal(
+
request.getContext().getRealm().authenticate(username));
+ }
+ // If the Authenticator is an instance of AuthenticatorBase
then
+ // it will check req.getRemoteUserNeedsAuthorization() and
+ // trigger authorization as necessary. It will also cache the
+ // result preventing excessive calls to the Realm.
+ } else {
+ // The connector isn't configured for authorization. Create a
+ // user without any roles using the supplied user name.
+ request.setUserPrincipal(new CoyotePrincipal(username));
+ }
}
// Set the authorization type
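Review bot: In the `!(authenticator instanceof AuthenticatorBase)` branch the result of `getRealm().authenticate(username)` goes straight into `setUserPrincipal(...)`, so a user the Realm does not know ends up with a null principal. The AuthenticatorBase path in this same commit falls back to a role-less principal for that case, and the two other branches here use `new CoyotePrincipal(username)`. Pick one behaviour for the unknown-user case and apply it in both places, and check `getRealm()` for null before dereferencing it.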
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
---
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/LocalStrings.properties
Wed Mar 18 21:38:31 2015
@@ -13,7 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
#
# CoyoteConnector
#
@@ -34,6 +33,8 @@ coyoteConnector.parseBodyMethodNoTrace=T
#
# CoyoteAdapter
#
+coyoteAdapter.authenticate=Authenticated user [{0}] provided by connector
+coyoteAdapter.authorize=Authorizing user [{0}] using Tomcat's Realm
coyoteAdapter.read=The servlet did not read all available bytes during the
processing of the read event
coyoteAdapter.parsePathParam=Unable to parse the path parameters using
encoding [{0}]. The path parameters in the URL will be ignored.
coyoteAdapter.checkRecycled.request=Encountered a non-recycled request and
recycled it forcedly.
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/CombinedRealm.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/CombinedRealm.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/CombinedRealm.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/CombinedRealm.java Wed
Mar 18 21:38:31 2015
@@ -127,6 +127,41 @@ public class CombinedRealm extends Realm
/**
+ * Return the Principal associated with the specified user name otherwise
+ * return <code>null</code>.
+ *
+ * @param username User name of the Principal to look up
+ */
+ @Override
+ public Principal authenticate(String username) {
+ Principal authenticatedUser = null;
+
+ for (Realm realm : realms) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("combinedRealm.authStart", username,
+ realm.getClass().getName()));
+ }
+
+ authenticatedUser = realm.authenticate(username);
+
+ if (authenticatedUser == null) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("combinedRealm.authFail", username,
+ realm.getClass().getName()));
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("combinedRealm.authSuccess",
+ username, realm.getClass().getName()));
+ }
+ break;
+ }
+ }
+ return authenticatedUser;
+ }
+
+
+ /**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
*
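Review bot: The loop returns the Principal from the first nested Realm that knows the name and then hits `break`, so when the same user name exists in more than one Realm the roles come from whichever Realm is listed first, regardless of which store the front end authenticated against. That ordering dependency should be stated in the Javadoc. The debug messages reuse the `combinedRealm.authStart`, `authFail` and `authSuccess` keys, which are named for authentication; separate keys for this lookup-only path would make the logs easier to read.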
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java Wed Mar
18 21:38:31 2015
@@ -347,6 +347,27 @@ public abstract class RealmBase extends
/**
+ * Return the Principal associated with the specified username, if there
+ * is one; otherwise return <code>null</code>.
+ *
+ * @param username Username of the Principal to look up
+ */
+ @Override
+ public Principal authenticate(String username) {
+
+ if (username == null) {
+ return null;
+ }
+
+ if (containerLog.isTraceEnabled()) {
+ containerLog.trace(sm.getString("realmBase.authenticateSuccess",
username));
+ }
+
+ return getPrincipal(username);
+ }
+
+
+ /**
* Return the Principal associated with the specified username and
* credentials, if there is one; otherwise return <code>null</code>.
*
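Review bot: The trace message `realmBase.authenticateSuccess` is logged before `getPrincipal(username)` is called, so the log reports success even when the lookup goes on to return null. Move the logging after the lookup and log the failure case separately. As with the interface method, the Javadoc should say that no credentials are checked here.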
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/Request.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/Request.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/Request.java Wed Mar 18
21:38:31 2015
@@ -131,9 +131,10 @@ public final class Request {
private Cookies cookies = new Cookies(headers);
private Parameters parameters = new Parameters();
- private MessageBytes remoteUser=MessageBytes.newInstance();
- private MessageBytes authType=MessageBytes.newInstance();
- private HashMap<String,Object> attributes=new HashMap<String,Object>();
+ private MessageBytes remoteUser = MessageBytes.newInstance();
+ private boolean remoteUserNeedsAuthorization = false;
+ private MessageBytes authType = MessageBytes.newInstance();
+ private HashMap<String,Object> attributes = new HashMap<String,Object>();
private Response response;
private ActionHook hook;
@@ -383,6 +384,14 @@ public final class Request {
return remoteUser;
}
+ public boolean getRemoteUserNeedsAuthorization() {
+ return remoteUserNeedsAuthorization;
+ }
+
+ public void setRemoteUserNeedsAuthorization(boolean
remoteUserNeedsAuthorization) {
+ this.remoteUserNeedsAuthorization = remoteUserNeedsAuthorization;
+ }
+
public MessageBytes getAuthType() {
return authType;
}
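Review bot: The new getRemoteUserNeedsAuthorization() and setRemoteUserNeedsAuthorization() accessors have no Javadoc. A short comment saying that the flag marks a remoteUser supplied by the connector that still needs its roles looked up in a Realm would help, because the name alone does not say who sets the flag or who consumes it.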
@@ -505,6 +514,7 @@ public final class Request {
instanceId.recycle();
remoteUser.recycle();
+ remoteUserNeedsAuthorization = false;
authType.recycle();
attributes.clear();
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProcessor.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProcessor.java
Wed Mar 18 21:38:31 2015
@@ -277,6 +277,16 @@ public abstract class AbstractAjpProcess
/**
+ * Use Tomcat authorization ?
+ */
+ private boolean tomcatAuthorization = false;
+ public boolean getTomcatAuthorization() { return tomcatAuthorization; }
+ public void setTomcatAuthorization(boolean tomcatAuthorization) {
+ this.tomcatAuthorization = tomcatAuthorization;
+ }
+
+
+ /**
* Required secret.
*/
protected String requiredSecret = null;
@@ -834,11 +844,13 @@ public abstract class AbstractAjpProcess
break;
case Constants.SC_A_REMOTE_USER :
- if (tomcatAuthentication) {
- // ignore server
- requestHeaderMessage.getBytes(tmpMB);
- } else {
+ if (tomcatAuthorization || !tomcatAuthentication) {
+ // Implies tomcatAuthentication == false
requestHeaderMessage.getBytes(request.getRemoteUser());
+
request.setRemoteUserNeedsAuthorization(tomcatAuthorization);
+ } else {
+ // Ignore user information from reverse proxy
+ requestHeaderMessage.getBytes(tmpMB);
}
break;
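Review bot: The comment "// Implies tomcatAuthentication == false" in the SC_A_REMOTE_USER case is misleading. The condition "tomcatAuthorization || !tomcatAuthentication" is also true when tomcatAuthorization is true and tomcatAuthentication is left at true, so nothing about tomcatAuthentication is implied. Reword it to say that tomcatAuthorization takes precedence and that in either case the user name sent by the reverse proxy is accepted as already authenticated.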
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
Wed Mar 18 21:38:31 2015
@@ -42,7 +42,7 @@ public abstract class AbstractAjpProtoco
// ------------------------------------------ managed in the
ProtocolHandler
/**
- * Should authentication be done in the native webserver layer,
+ * Should authentication be done in the native web server layer,
* or in the Servlet container ?
*/
protected boolean tomcatAuthentication = true;
@@ -53,6 +53,17 @@ public abstract class AbstractAjpProtoco
/**
+ * Should authentication be done in the native web server layer and
+ * authorization in the Servlet container?
+ */
+ private boolean tomcatAuthorization = false;
+ public boolean getTomcatAuthorization() { return tomcatAuthorization; }
+ public void setTomcatAuthorization(boolean tomcatAuthorization) {
+ this.tomcatAuthorization = tomcatAuthorization;
+ }
+
+
+ /**
* Required secret.
*/
protected String requiredSecret = null;
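Review bot: The Javadoc on the new tomcatAuthorization field is phrased as a question and does not state that the default is false or that a true value overrides tomcatAuthentication, both of which the ajp.xml change in this commit documents. Stating the behaviour and the default here would keep the code comment and the connector documentation in agreement.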
@@ -73,7 +84,7 @@ public abstract class AbstractAjpProtoco
this.packetSize = packetSize;
}
}
-
+
protected abstract static class AbstractAjpConnectionHandler<S,P extends
AbstractAjpProcessor<S>>
extends AbstractConnectionHandler<S, P> {
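Review bot: The -/+ pair on the blank line before AbstractAjpConnectionHandler is a whitespace-only change unrelated to the feature. Consider leaving it out of this commit so the diff stays focused and is easier to merge to other branches.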
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProtocol.java Wed Mar
18 21:38:31 2015
@@ -146,6 +146,7 @@ public class AjpAprProtocol extends Abst
AjpAprProcessor processor = new AjpAprProcessor(proto.packetSize,
(AprEndpoint)proto.endpoint);
processor.setAdapter(proto.adapter);
processor.setTomcatAuthentication(proto.tomcatAuthentication);
+ processor.setTomcatAuthorization(proto.getTomcatAuthorization());
processor.setRequiredSecret(proto.requiredSecret);
processor.setKeepAliveTimeout(proto.getKeepAliveTimeout());
processor.setClientCertProvider(proto.getClientCertProvider());
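Review bot: The added processor.setTomcatAuthorization(proto.getTomcatAuthorization()) call appears in identical form in AjpAprProtocol, AjpNioProtocol and AjpProtocol, each time inside the same run of setter calls. A shared helper in AbstractAjpProtocol that copies the common settings onto a processor would prevent a future attribute from being wired into only some of the three.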
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpNioProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpNioProtocol.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpNioProtocol.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpNioProtocol.java Wed Mar
18 21:38:31 2015
@@ -172,6 +172,7 @@ public class AjpNioProtocol extends Abst
AjpNioProcessor processor = new AjpNioProcessor(proto.packetSize,
(NioEndpoint)proto.endpoint);
processor.setAdapter(proto.adapter);
processor.setTomcatAuthentication(proto.tomcatAuthentication);
+ processor.setTomcatAuthorization(proto.getTomcatAuthorization());
processor.setRequiredSecret(proto.requiredSecret);
processor.setKeepAliveTimeout(proto.getKeepAliveTimeout());
processor.setClientCertProvider(proto.getClientCertProvider());
Modified: tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/coyote/ajp/AjpProtocol.java Wed Mar 18
21:38:31 2015
@@ -134,6 +134,7 @@ public class AjpProtocol extends Abstrac
AjpProcessor processor = new AjpProcessor(proto.packetSize,
(JIoEndpoint)proto.endpoint);
processor.setAdapter(proto.adapter);
processor.setTomcatAuthentication(proto.tomcatAuthentication);
+ processor.setTomcatAuthorization(proto.getTomcatAuthorization());
processor.setRequiredSecret(proto.requiredSecret);
processor.setKeepAliveTimeout(proto.getKeepAliveTimeout());
processor.setClientCertProvider(proto.getClientCertProvider());
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Mar 18 21:38:31 2015
@@ -234,6 +234,14 @@
Refactor Connector authentication (only used by AJP) into a separate
method. (markt)
</scode>
+ <add>
+ <bug>57708</bug>: Implement a new feature for AJP connectors - Tomcat
+ Authorization. If the new tomcatAuthorization attribute is set to
+ <code>true</code> (it is disabled by default) Tomcat will take an
+ authenticated user name from the AJP protocol and use the appropriate
+ Realm for the request to authorize (i.e. add roles) to that user.
+ (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">
Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/ajp.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/ajp.xml?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/ajp.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/ajp.xml Wed Mar 18 21:38:31 2015
@@ -431,8 +431,22 @@
<attribute name="tomcatAuthentication" required="false">
<p>If set to <code>true</code>, the authentication will be done in
Tomcat.
Otherwise, the authenticated principal will be propagated from the native
- webserver and used for authorization in Tomcat.
- The default value is <code>true</code>.</p>
+ webserver and used for authorization in Tomcat. Note that this principal
+ will have no roles associated with it.
+ The default value is <code>true</code>. If
+ <code>tomcatAuthorization</code> is set to <code>true</code> this
+ attribute has no effect.</p>
+ </attribute>
+
+ <attribute name="tomcatAuthorization" required="false">
+ <p>If set to <code>true</code>, the authenticated principal will be
+ propagated from the native webserver and considered already authenticated
+ in Tomcat. If the web application has one or more security constriants,
+ authorization will then be performed by Tomcat and roles asisgned to the
+ authenticated principal. If the appropriate Tomcat Realm for the request
+ does not recognise the provided user name, a Principal will be still be
+ created but it will have no roles. The default value is
+ <code>false</code>.</p>
</attribute>
</attributes>
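Review bot: The new tomcatAuthorization paragraph has three typos: "constriants" should be "constraints", "asisgned" should be "assigned", and "will be still be created" should be "will still be created". Since the text says the propagated principal is "considered already authenticated", it would also be worth one sentence telling the reader that Tomcat does not verify the user name itself, so the connector should only accept AJP traffic from the web server that performed the authentication.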
Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Wed Mar 18 21:38:31
2015
@@ -276,10 +276,12 @@
the list of available ciphers. Secure environments will normally want to
configure a more limited set of ciphers.</p>
- <p>The <strong>tomcatAuthentication</strong> attribute is used with the
- AJP connectors to determine if Tomcat should authenticate the user or if
- authentication can be delegated to the reverse proxy that will then pass
- the authenticated username to Tomcat as part of the AJP protocol.</p>
+ <p>The <strong>tomcatAuthentication</strong> and
+ <strong>tomcatAuthorization</strong> attributes are used with the
+ AJP connectors to determine if Tomcat should handle all authenication and
+ authorisation or if authentication should be delegated to the reverse
+ proxy (the authenticated user name is passed to Tomcat as part of the AJP
+ protocol) with the option for Tomcat to still perform authorization.</p>
<p>The <strong>allowUnsafeLegacyRenegotiation</strong> attribute provides
a workaround for
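Review bot: In the rewritten paragraph "authenication" is misspelled, and the same sentence uses both "authorisation" and "authorization"; pick the spelling used in the attribute name. As this is the security how-to, the paragraph could also say that with either delegated mode the user name arriving over AJP is taken as authenticated, which is the point an administrator reading this page needs in order to decide whether to enable it.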
Modified: tomcat/tc7.0.x/trunk/webapps/docs/windows-auth-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/windows-auth-howto.xml?rev=1667625&r1=1667624&r2=1667625&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/windows-auth-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/windows-auth-howto.xml Wed Mar 18
21:38:31 2015
@@ -299,7 +299,9 @@ com.sun.security.jgss.krb5.accept {
<li>Configure IIS to use Windows authentication</li>
<li>Configure Tomcat to use the authentication user information from IIS by
setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
- AJP connector</a> to <code>false</code>.</li>
+ AJP connector</a> to <code>false</code>. Alternatively, set the
+ tomcatAuthorization attribute to <code>true</code> to allow IIS to
+ authenticate, while Tomcat performs the authorization.</li>
</ol>
</subsection>