--- [EMAIL PROTECTED] wrote:
> craigmcc 01/05/15 18:43:56
>
> Modified:
> catalina/src/share/org/apache/catalina/authenticator
> AuthenticatorBase.java
> Log:
> Revert the previous change, back to what was 1.13.
>
> Revision Changes Path
> 1.15 +97 -31
>
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
>
> Index: AuthenticatorBase.java
>
>
===================================================================
> RCS file:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
> retrieving revision 1.14
> retrieving revision 1.15
> diff -u -r1.14 -r1.15
> --- AuthenticatorBase.java 2001/05/16 01:40:00
> 1.14
> +++ AuthenticatorBase.java 2001/05/16 01:43:54
> 1.15
> @@ -1,7 +1,7 @@
> /*
> - * $Header:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
> 1.14 2001/05/16 01:40:00 craigmcc Exp $
> - * $Revision: 1.14 $
> - * $Date: 2001/05/16 01:40:00 $
> + * $Header:
>
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
> 1.15 2001/05/16 01:43:54 craigmcc Exp $
> + * $Revision: 1.15 $
> + * $Date: 2001/05/16 01:43:54 $
> *
> *
>
====================================================================
> *
> @@ -66,6 +66,8 @@
>
>
> import java.io.IOException;
> +import java.net.MalformedURLException;
> +import java.net.URL;
> import java.security.MessageDigest;
> import java.security.NoSuchAlgorithmException;
> import java.security.Principal;
> @@ -119,7 +121,7 @@
> * requests. Requests of any other type will
> simply be passed through.
> *
> * @author Craig R. McClanahan
> - * @version $Revision: 1.14 $ $Date: 2001/05/16
> 01:40:00 $
> + * @version $Revision: 1.15 $ $Date: 2001/05/16
> 01:43:54 $
> */
>
>
> @@ -474,32 +476,41 @@
> log(" Subject to constraint " + constraint);
>
> // Enforce any user data constraint for this
> security constraint
> + if (debug >= 1)
> + log(" Calling checkUserData()");
> if (!checkUserData(hrequest, hresponse,
> constraint)) {
> if (debug >= 1)
> log(" Failed checkUserData() test");
> - ((HttpServletResponse)
> hresponse.getResponse()).sendError
> -
> (HttpServletResponse.SC_FORBIDDEN,
> - ((HttpServletRequest)
> hrequest.getRequest()).getRequestURI());
> - return;
> - }
> -
> - // Authenticate based upon the specified login
> configuration
> - if (!authenticate(hrequest, hresponse, config))
> {
> - if (debug >= 1)
> - log(" Failed authenticate() test");
> // ASSERT: Authenticator already set
> the appropriate
> // HTTP status code, so we do not
> have to do anything special
> return;
> }
>
> + // Authenticate based upon the specified login
> configuration
> + if (constraint.getAuthConstraint()) {
> + if (debug >= 1)
> + log(" Calling authenticate()");
> + if (!authenticate(hrequest,
> hresponse, config)) {
> + if (debug >= 1)
> + log(" Failed authenticate()
> test");
> + // ASSERT: Authenticator already
> set the appropriate
> + // HTTP status code, so we do not
> have to do anything special
> + return;
> + }
> + }
> +
> // Perform access control based on the specified
> role(s)
> - if (!accessControl(hrequest, hresponse,
> constraint)) {
> - if (debug >= 1)
> - log(" Failed accessControl() test");
> - // ASSERT: Access control method has
> already set the appropriate
> - // HTTP status code, so we do not
> have to do anything special
> - return;
> - }
> + if (constraint.getAuthConstraint()) {
> + if (debug >= 1)
> + log(" Calling accessControl()");
> + if (!accessControl(hrequest,
> hresponse, constraint)) {
> + if (debug >= 1)
> + log(" Failed accessControl()
> test");
> + // ASSERT: AccessControl method
> has already set the appropriate
> + // HTTP status code, so we do not
> have to do anything special
> + return;
> + }
> + }
>
> // Any and all specified constraints have been
> satisfied
> if (debug >= 1)
> @@ -634,22 +645,77 @@
> throws IOException {
>
> // Is there a relevant user data constraint?
> - if (constraint == null)
> + if (constraint == null) {
> + if (debug >= 2)
> + log(" No applicable security constraint
> defined");
> return (true);
> + }
> String userConstraint =
> constraint.getUserConstraint();
> - if (userConstraint == null)
> + if (userConstraint == null) {
> + if (debug >= 2)
> + log(" No applicable user data constraint
> defined");
> return (true);
> - if
> (userConstraint.equals(Constants.NONE_TRANSPORT))
> + }
> + if
> (userConstraint.equals(Constants.NONE_TRANSPORT)) {
> + if (debug >= 2)
> + log(" User data constraint has
> no restrictions");
> return (true);
> + }
>
> // Validate the request against the user data
> constraint
> - if (!request.getRequest().isSecure()) {
> - ((HttpServletResponse)
> response.getResponse()).sendError
> - (HttpServletResponse.SC_BAD_REQUEST,
> -
> sm.getString("authenticator.userDataConstraint"));
> - return (false);
> - }
> - return (true);
> + if (request.getRequest().isSecure()) {
> + if (debug >= 2)
> + log(" User data constraint
> already satisfied");
> + return (true);
> + }
> +
> + // Initialize variables we need to
> determine the appropriate action
> + HttpServletRequest hrequest =
> + (HttpServletRequest)
> request.getRequest();
> + HttpServletResponse hresponse =
> + (HttpServletResponse)
> response.getResponse();
> + int redirectPort =
> request.getConnector().getRedirectPort();
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/