cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
billbarker2004/11/20 18:47:01 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Process the redirect to https if the redirectPort is specified Revision ChangesPath 1.23 +15 -0 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- AccessInterceptor.java25 Feb 2004 06:52:40 - 1.22 +++ AccessInterceptor.java21 Nov 2004 02:47:01 - 1.23 @@ -305,6 +305,21 @@ if( CONFIDENTIAL.equalsIgnoreCase(transp) || INTEGRAL.equalsIgnoreCase(transp) ) { if( ! req.scheme().equals(https)) { + Integer rp = (Integer)req.getAttribute(org.apache.tomcat.request.redirectPort); + if(rp != null rp.intValue() 0) { + StringBuffer rsb = new StringBuffer(); + rsb.append(https://;).append(req.serverName()); + if(rp.intValue() != 443) { + rsb.append(':').append(rp); + } + rsb.append(req.requestURI()); + if(!req.query().isNull()) { + rsb.append('?').append(req.query()); + } + req.setAttribute(javax.servlet.error.message, + rsb.toString()); + return 301; + } // We could redirect or do something advanced - but the spec // only requires us to deny access. A nice error handler // would also be nice - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
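Review bot: The redirect target is assembled from `req.serverName()`, `req.requestURI()` and `req.query()` with no validation, so if `serverName()` reflects the client's Host header (not visible in this hunk) the value that ends up in the redirect is caller-controlled. I would check the host against a configured server name before `rsb.append(req.serverName())`, or fall through to the existing deny path when it does not match. The 301 is permanent and cacheable, and the request that triggered it has already crossed in cleartext, so a comment stating that the redirect is a convenience and does not protect that first request would help. The enclosing method starts and ends outside the hunk.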
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
billbarker01/12/07 20:50:41 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Fix the position of ;jsessionid on 401 responses. The original code didn't work if the protected servlet was being called with a query string (it put the ;jsessionid after the query string, so it becomes lost). Now it is stuck to the requestURI where it belongs. Revision ChangesPath 1.20 +4 -3 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- AccessInterceptor.java2001/10/27 02:12:19 1.19 +++ AccessInterceptor.java2001/12/08 04:50:41 1.20 @@ -527,9 +527,7 @@ if( debug0) log( Username = + username); String originalLocation = req.requestURI().toString(); - if (req.queryString().toString() != null - !req.queryString().toString().equals()) - originalLocation += ? + req.queryString().toString(); + //XXX is needed to put the JVM route too? if (noSession || Request.SESSIONID_FROM_URL.equals(req.getSessionIdSource())) { @@ -538,6 +536,9 @@ originalLocation += id ; page += id ; } + if (req.queryString().toString() != null + !req.queryString().toString().equals()) + originalLocation += ? + req.queryString().toString(); session.setAttribute( tomcat.auth.originalLocation, originalLocation); -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
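Review bot: The reason the query string must now be appended after the `;jsessionid` block is recorded only in the commit log, and the ordering is easy to undo in a later edit. A comment above the moved `if`, such as `// ;jsessionid is a path parameter: it must precede '?' or it is lost`, would keep it in the code. The three `req.queryString().toString()` calls could be hoisted into one local. The stored `originalLocation` now carries the session id, so any logging of that value (outside this hunk) deserves a look; the enclosing method continues outside the hunk.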
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
billbarker01/10/26 19:12:19 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: With the old code, if you have a context /foo and set it's login page to /foologin.html, horrible things would happen to you. With this, the context has to be the first component in order to fail. Of course, having a /foo sub-directory of the context will still fail, but I can later that one. Revision ChangesPath 1.19 +2 -2 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- AccessInterceptor.java2001/10/03 05:38:44 1.18 +++ AccessInterceptor.java2001/10/27 02:12:19 1.19 @@ -160,7 +160,7 @@ String cpath=ctx.getPath(); // Workaround for common error - ctx path included - if( page.startsWith( cpath ) ) { + if( page.startsWith( cpath + / ) ) { if( ! (.equals(cpath) || /.equals(cpath)) ) ctx.log(FORM: WARNING, login page starts with + context path + page + + cpath ); @@ -168,7 +168,7 @@ page= cpath + page; - if( errorPage.startsWith( cpath ) ) { + if( errorPage.startsWith( cpath + / ) ) { if( ! (/.equals(cpath) || .equals( cpath )) ) ctx.log(FORM: WARNING, error page starts with + context path + errorPage);
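Review bot: With `cpath + "/"` as the prefix, a context path of `/` is now tested as `//`, so the inner `"/".equals(cpath)` branch can hardly be reached and such a context takes whatever follows the `if`; the `page= cpath + page;` at the top of the second hunk suggests a doubled slash, but the `else` is outside the hunk. The same applies to the `errorPage` test in the second hunk. If `ctx.getPath()` can return `/`, normalising it first with `if( "/".equals(cpath) ) cpath="";` would keep the root case explicit. The commit log already notes that a `/foo` sub-directory still trips the check; a `// XXX` comment at both tests would record that in the code.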
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
billbarker01/10/02 22:38:44 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Add a check for INTEGRAL transport-guarantee. This gets us in line with the recommended behavior in the servlet spec (that INTEGRAL should imply SSL). Revision ChangesPath 1.18 +4 -3 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- AccessInterceptor.java2001/09/23 03:26:32 1.17 +++ AccessInterceptor.java2001/10/03 05:38:44 1.18 @@ -333,10 +333,11 @@ transp=(String)req.getNote( reqTransportNote ); } - // Check transport. We only verify CONFIDENTIAL, other auth modules - // could do other tests + // Check transport. We verify CONFIDENTIAL and INTEGRAL, + // other auth modules could do other tests if( debug 0 ) log( Transport + transp ); - if( CONFIDENTIAL.equalsIgnoreCase(transp) ) { + if( CONFIDENTIAL.equalsIgnoreCase(transp) || + INTEGRAL.equalsIgnoreCase(transp) ) { if( ! req.scheme().equals(https)) { // We could redirect or do something advanced - but the spec // only requires us to deny access. A nice error handler
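Review bot: Any `transp` value other than CONFIDENTIAL or INTEGRAL falls through this `if` without a scheme check, so a misspelled transport-guarantee behaves like NONE unless it is rejected when the descriptor is parsed, which is not visible here. A warning logged for unrecognised non-null values, or a comment naming where the value is validated, would make that fail-open case explicit. The rewritten comment could also say that INTEGRAL is treated as requiring https, which is what the code now does. The enclosing method extends beyond the hunk.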
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
nacho 01/09/22 20:26:32 Modified:src/share/org/apache/tomcat/modules/mappers DecodeInterceptor.java src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Better messages for some 403 statuses, returned when unsafe URLS or when trying to access WEB-INF dir. Revision ChangesPath 1.8 +3 -2 jakarta-tomcat/src/share/org/apache/tomcat/modules/mappers/DecodeInterceptor.java Index: DecodeInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/mappers/DecodeInterceptor.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- DecodeInterceptor.java2001/08/12 01:47:59 1.7 +++ DecodeInterceptor.java2001/09/23 03:26:32 1.8 @@ -296,9 +296,10 @@ // throw new RuntimeException(ASSERT: ? in requestURI); // If path is unsafe, return forbidden -if( safe !isSafeURI(pathMB) ) +if( safe !isSafeURI(pathMB) ){ +req.setAttribute(javax.servlet.error.message,Unsafe URL); return 403; - + } if( normalize ( pathMB.indexOf(//) = 0 || pathMB.indexOf(/. ) =0 1.17 +4 -4 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- AccessInterceptor.java2001/09/14 04:13:35 1.16 +++ AccessInterceptor.java2001/09/23 03:26:32 1.17 @@ -258,10 +258,10 @@ int ctxPathLen=ctxPath.length(); // quick test - if( reqURIMB.startsWithIgnoreCase( /META-INF, ctxPathLen) ) { - return 403; - } - if( reqURIMB.startsWithIgnoreCase( /WEB-INF, ctxPathLen) ) { + if( reqURIMB.startsWithIgnoreCase( /META-INF, ctxPathLen) || + reqURIMB.startsWithIgnoreCase( /WEB-INF, ctxPathLen) ) { +req.setAttribute(javax.servlet.error.message, + Forbidden directory); return 403; }
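Review bot: The `/META-INF` and `/WEB-INF` prefix test in AccessInterceptor compares `reqURIMB` at offset `ctxPathLen`, so it is only as strong as the decoding and normalisation applied to the URI before this hook runs, and nothing in the hunk states that dependency. A comment such as `// relies on reqURIMB being decoded and normalized before this hook` would document it; presumably DecodeInterceptor does that work, which should be confirmed and named in the comment. Both enclosing methods continue outside their hunks.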
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
costin 01/09/13 21:13:35 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Remove the result of too much cutpaste - thanks Attila Szegedi [EMAIL PROTECTED] for pointing this out. Revision ChangesPath 1.16 +6 -19 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- AccessInterceptor.java2001/09/10 06:43:02 1.15 +++ AccessInterceptor.java2001/09/14 04:13:35 1.16 @@ -465,7 +465,10 @@ } class BasicAuthHandler extends Handler { -int sbNote=0; +// it goes back with the 401 response, not visible to the user +static final String errorMessage= + htmlheadtitleNot Authorized/title/head+ + bodyNot Authorized/body/html; BasicAuthHandler() { // setOrigin( Handler.ORIGIN_INTERNAL ); @@ -485,24 +488,8 @@ // and notify the user they are not authorized if BasicAuth fails res.setContentType(text/html);// ISO-8859-1 default - if( sbNote==0 ) { - sbNote=req.getContextManager().getNoteId(ContextManager.REQUEST_NOTE, - BasicAuthHandler.buff); - } - - // we can recycle it because - // we don't call toString(); - StringBuffer buf=(StringBuffer)req.getNote( sbNote ); - if( buf==null ) { - buf = new StringBuffer(); - req.setNote( sbNote, buf ); - } - -buf.append(htmlheadtitleNot Authorized/title/head); -buf.append(bodyNot Authorized/body/html); - -res.setContentLength(buf.length()); - res.getBuffer().write( buf ); +res.setContentLength(errorMessage.length()); + res.getBuffer().write( errorMessage ); } }
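Review bot: `res.setContentLength(errorMessage.length())` passes a character count as the byte length, which is correct only while `errorMessage` stays within single-byte characters under the ISO-8859-1 default noted on the `setContentType` line. A comment on the constant, for example `// ASCII only: length() is used as Content-Length`, would prevent a mismatched body length if the text is ever changed or localised. The existing comment on the constant ("not visible to the user") could also say that browsers show this body only when the user cancels the credentials prompt, if that is what is meant.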
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
costin 01/09/09 23:43:02 Modified:src/share/org/apache/tomcat/core ContextManager.java Request.java src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Fix 3441, small enhancement in security constraints handling. The problem was that ContextManager only checked for user roles to decide if authorization is needed. Now any security-related property will triger the authorize hook ( well, right now there are only 2 kinds - transport and user, but it's better to be flexible ). A new field, securityContext will hold all the secuirity-related properties for the request and will be set by AccessInterceptor. No other changes are needed, except for modules that implement authorize() - they must be prepared to deal with situations when only transport constraints are required. Regarding the transport - we just report an error - we could do a more advanced operation like redirect, but that can also be done by users using error directives - or later, by a more advanced module. Revision ChangesPath 1.193 +6 -9 jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java Index: ContextManager.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v retrieving revision 1.192 retrieving revision 1.193 diff -u -r1.192 -r1.193 --- ContextManager.java 2001/09/03 02:20:08 1.192 +++ ContextManager.java 2001/09/10 06:43:01 1.193 
@@ -887,20 +887,17 @@ return; } - String roles[]=req.getRequiredRoles(); - if(roles != null ) { + Container sct=req.getSecurityContext(); + if(sct != null ) { status=0; BaseInterceptor reqI[]; - if( req.getContext()==null ) - reqI=getContainer(). - getInterceptors( Container.H_handleError ); - else - reqI = req.getContext().getContainer(). - getInterceptors(Container.H_authorize); + // assert( req.getContext()!=null ) - checked in processRequest + reqI = req.getContext().getContainer(). + getInterceptors(Container.H_authorize); // Call all authorization callbacks. for( int i=0; i reqI.length; i++ ) { - status = reqI[i].authorize( req, res, roles ); + status = reqI[i].authorize( req, res, sct.getRoles() ); if ( status != BaseInterceptor.DECLINED ) { break; } 1.112 +22 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java Index: Request.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v retrieving revision 1.111 retrieving revision 1.112 diff -u -r1.111 -r1.112 --- Request.java 2001/09/01 00:57:16 1.111 +++ Request.java 2001/09/10 06:43:01 1.112 @@ -190,6 +190,9 @@ protected Principal principal; // active roles for the current user protected String userRoles[]; + +// Security properties required by the config ( web.xml constraints ) +protected Container security; protected String reqRoles[]; // Association with other tomcat comp. 
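Review bot: In the ContextManager hunk the null-context case is now covered only by the comment `// assert( req.getContext()!=null )`, so if that invariant ever breaks, `req.getContext().getContainer()` throws inside the authorization path instead of producing a controlled error. An explicit guard that sets an error status and returns would keep the failure closed and visible; how this method reports errors is outside the hunk, so the exact statement is for the author to choose. `sct.getRoles()` can presumably be null when only a transport constraint is configured (the commit log says modules must cope with that), and a line in the comment above the loop should say so.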
@@ -597,10 +600,28 @@ reqRoles=roles; } +/** Return the associated security properties for + * the request. This is set up during mapping using the configured + * constraints. The container holds various security properties that + * are checked using authorize() hook. If no security context is set + * the authorize hook will not be called. + */ +public Container getSecurityContext() { + return security; +} + +public void setSecurityContext( Container ct ) { + security=ct; +} + +/** @deprecated use getSecurityContext + */ public String[] getRequiredRoles( ) { return reqRoles; } +/** @deprecated use setSecurityContext + */ public void setUserRoles( String roles[] ) { userRoles=roles; } @@ -1048,6 +1069,7 @@ notAuthenticated=true; userRoles=null; reqRoles=null; + security=null; uriMB.recycle(); unparsedURIMB.recycle(); 1.15 +34 -1 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file:
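Review bot: The second added Javadoc, `@deprecated use setSecurityContext`, lands on `setUserRoles(String[])`, which assigns `userRoles` (the active user's roles) and not the required roles; it looks intended for the required-roles setter whose body `reqRoles=roles;` ends just above the hunk. If so, the tag should move there, otherwise callers are told to stop setting user roles. `setSecurityContext` is public and undocumented; a sentence saying it is meant to be called during mapping, as the getter's Javadoc describes, would discourage other callers from replacing the constraints.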
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
nacho 01/08/24 16:57:45 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Fix for Bugzilla#2118 Incosistent behaviuor updating OriginalLocation in FormAuthHandler Class Reported by Juan Jose Muñoz ( jmartine at alhsys.es ), mark.shotton at micromass.co.uk Revision ChangesPath 1.14 +15 -12 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- AccessInterceptor.java2001/08/23 14:59:14 1.13 +++ AccessInterceptor.java2001/08/24 23:57:45 1.14 @@ -505,24 +505,13 @@ String username=(String)session.getAttribute( j_username ); if( debug0) log( Username = + username); - if( username != null ) { - // 401 with existing j_username - that means wrong credentials. - // Next time we'll have a fresh start - session.removeAttribute( j_username); - session.removeAttribute( j_password); - req.setAttribute(javax.servlet.error.message, - errorPage ); - if( debug0) log( Redirecting to + errorPage ); - contextM.handleStatus( req, res, 302 ); // redirect - return; - } String originalLocation = req.requestURI().toString(); if (req.queryString().toString() != null !req.queryString().toString().equals()) originalLocation += ? + req.queryString().toString(); //XXX is needed to put the JVM route too? -if (noSession +if (noSession || Request.SESSIONID_FROM_URL.equals(req.getSessionIdSource())) { // If new session we have no way to know if cookies are supported String id=;jsessionid=+req.getSessionId() ; 
@@ -531,6 +520,20 @@ } session.setAttribute( tomcat.auth.originalLocation, originalLocation); + + + if( username != null ) { + // 401 with existing j_username - that means wrong credentials. + // Next time we'll have a fresh start + session.removeAttribute( j_username); + session.removeAttribute( j_password); + req.setAttribute(javax.servlet.error.message, + errorPage ); + if( debug0) log( Redirecting to + errorPage ); + contextM.handleStatus( req, res, 302 ); // redirect + return; + } + if( debug 0 ) log(Redirect1: + page + originalUri= + originalLocation );
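Review bot: The wrong-credentials block now depends on running after `session.setAttribute` stores `tomcat.auth.originalLocation`, but the code does not say so; the reason is only in the commit log. A comment above the moved block, such as `// must follow the originalLocation update (Bugzilla 2118)`, would stop it from being moved back. The block removes `j_password` from the session, which shows the clear-text password is held as a session attribute until then; that predates this change but is worth a comment where it is stored. The enclosing method starts and ends outside the hunk.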
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
costin 01/08/23 07:59:14 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Fix for # 2148. Thanks [EMAIL PROTECTED] (Mahmoud) Submitted by: [EMAIL PROTECTED] (Mahmoud) Revision ChangesPath 1.13 +6 -0 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- AccessInterceptor.java2001/07/15 23:58:32 1.12 +++ AccessInterceptor.java2001/08/23 14:59:14 1.13 @@ -421,6 +421,12 @@ // It's called in a single thread anyway public synchronized void addContainer(Container ct) { + //bug 2148 + if(patterns=securityPatterns.length) { + Container [] newsecurityPatterns = new Container[MAX_CONSTRAINTS+securityPatterns.length]; + System.arraycopy(securityPatterns,0,newsecurityPatterns,0,securityPatterns.length); + securityPatterns = newsecurityPatterns; + } securityPatterns[ patterns ]= ct; patterns++; }
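Review bot: The comment `//bug 2148` does not say what the added block does, and the bug tracker is the only place a reader can find out. I would replace it with `// grow the array when more than MAX_CONSTRAINTS patterns are added (bug 2148)`. Since `securityPatterns` is reassigned here, code that reads the field without synchronization (outside the hunk) relies on the "single thread" assumption in the existing comment; that assumption could be stated next to the field as well.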
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
costin 01/07/15 16:58:32 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: AccessInterceptor will now use case-insensitive match for windows. Better safe :-) The main reason is that FileUtil ( which is used right now to do the checks ) is fine as long as someone is calling it - we do call it in StaticInterceptor, but what if the user defines a servlet to handle static files ? ( there are many other cases where this will help ) Revision ChangesPath 1.12 +40 -7 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- AccessInterceptor.java2001/05/21 04:22:32 1.11 +++ AccessInterceptor.java2001/07/15 23:58:32 1.12 @@ -60,7 +60,7 @@ package org.apache.tomcat.modules.aaa; import org.apache.tomcat.core.*; -import org.apache.tomcat.util.buf.MessageBytes; +import org.apache.tomcat.util.buf.*; import org.apache.tomcat.util.io.FileUtil; import org.apache.tomcat.util.http.*; import java.util.*; @@ -93,8 +93,19 @@ int reqTransportNote; public AccessInterceptor() { + ignoreCase= (File.separatorChar == '\\'); } +// Ingore case +boolean ignoreCase=false; + +/** Use case insensitive match, for windows and + similar platforms +*/ +public void setIgnoreCase( boolean b ) { + ignoreCase=b; +} + /* Initialization */ /** Set the context manager. To keep it simple we don't support @@ -258,6 +269,12 @@ if( ctxSec==null || ctxSec.patterns==0 ) return 0; // fast exit String reqURI = req.requestURI().toString(); + + /* We don't need this if we normalize the path +if( reqURI.indexOf( // ) = 0 ) +return 403; + */ + String path=reqURI.substring( ctxPathLen); String method=req.method().toString(); 
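Review bot: `ignoreCase= (File.separatorChar == '\\')` detects only platforms with a backslash separator, so on any other host with a case-insensitive file system the security patterns stay case-sensitive unless `setIgnoreCase(true)` is configured. The Javadoc on `setIgnoreCase` should state the default and say when an administrator needs to set it by hand. The field comment `// Ingore case` has a typo. The commented-out `//` check added in the third hunk would be clearer with the name of the module that does the normalisation it refers to.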
@@ -337,7 +354,7 @@ if( ctMethods != null ctMethods.length 0 ) { boolean ok=false; for( int i=0; i ctMethods.length; i++ ) { - if( method.equals( ctMethods[i] ) ) { + if( method.equalsIgnoreCase( ctMethods[i] ) ) { ok=true; break; } @@ -361,15 +378,31 @@ // if more can be matched in the path, include matching the '/' if( path.length() matchLen ) matchLen++; - for( int i=0; i matchLen ; i++ ) { - if( path.charAt( i ) != ctPath.charAt( i )) - return false; + if( ignoreCase ) { + for( int i=0; i matchLen ; i++ ) { + if( Ascii.toLower(path.charAt( i )) != + Ascii.toLower(ctPath.charAt( i ))) + return false; + } + } else { + for( int i=0; i matchLen ; i++ ) { + if( path.charAt( i ) != ctPath.charAt( i )) + return false; + } } return true; case Container.EXTENSION_MAP: - return ctPath.substring( 1 ).equals(FileUtil.getExtension( path )); + if( ignoreCase ) + return ctPath.substring( 1 ). + equalsIgnoreCase(FileUtil.getExtension( path )); + else + return ctPath.substring( 1 ). + equals(FileUtil.getExtension( path )); case Container.PATH_MAP: - return path.equals( ctPath ); + if( ignoreCase ) + return path.equalsIgnoreCase( ctPath ); + else + return path.equals( ctPath ); } return false; }
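Review bot: The prefix branch folds case with `Ascii.toLower` while the extension and exact-path branches use `String.equalsIgnoreCase`, so the three pattern types may disagree on non-ASCII characters (assuming `Ascii.toLower` is ASCII-only, as its name suggests). Using one folding rule for all three, or a comment explaining the difference, would keep constraint matching predictable. In the first hunk `method.equalsIgnoreCase( ctMethods[i] )` applies regardless of `ignoreCase`; that errs toward applying the constraint, and a short comment saying it is deliberate would help. The enclosing methods extend beyond both hunks.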
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
nacho 01/03/09 14:54:07 Modified:src/examples/jsp/security/login login.jsp src/examples/jsp index.html src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Added: src/examples/jsp/security index.jsp Log: Fix for http://nagoya.apache.org/bugzilla/show_bug.cgi?id=539 Added a way to show up the changes throught examples/jsp/security/protected. Reported by: [EMAIL PROTECTED] Revision ChangesPath 1.3 +1 -1 jakarta-tomcat/src/examples/jsp/security/login/login.jsp Index: login.jsp === RCS file: /home/cvs/jakarta-tomcat/src/examples/jsp/security/login/login.jsp,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- login.jsp 2000/10/09 02:38:15 1.2 +++ login.jsp 2001/03/09 22:54:06 1.3 @@ -2,7 +2,7 @@ body h1Login page for examples/h1 -form method="POST" action="j_security_check" +form method="POST" action='%= response.encodeURL("j_security_check")%' Username: input type="text" name="j_username"br Password: input type="password" name="j_password"br br 1.1 jakarta-tomcat/src/examples/jsp/security/index.jsp Index: index.jsp === html !-- Copyright (c) 1999 The Apache Software Foundation. All rights reserved. -- body bgcolor="white" html h1Security Examples/h1 table border=0 trtd a href='%= response.encodeURL("protected/index.jsp") %'Protected Directory, browse it with cookies disabled/abr/ /td/tr trtd a href='protected/index.jsp'Protected Directory, Use with cookies enabled browser/a /td/tr /table /html 1.5 +1 -1 jakarta-tomcat/src/examples/jsp/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat/src/examples/jsp/index.html,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- index.html2000/10/09 02:40:01 1.4 +++ index.html2001/03/09 22:54:06 1.5 
@@ -152,7 +152,7 @@ tr VALIGN=TOP tdSecuritynbsp;/td -td VALIGN=TOP WIDTH="30%"a href="security/protected"img SRC="../images/execute.gif" HSPACE=4 BORDER=0 align=TOP/aa href="security/protected"Execute/a/td +td VALIGN=TOP WIDTH="30%"a href="security/"img SRC="../images/execute.gif" HSPACE=4 BORDER=0 align=TOP/aa href="security/"Execute/a/td td WIDTH="30%"a href="security/security.html"img SRC="../images/code.gif" HSPACE=4 BORDER=0 height=24 width=24 align=TOP/aa href="security/security.html"Source/a/td /tr 1.8 +11 -4 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- AccessInterceptor.java2001/02/20 03:16:51 1.7 +++ AccessInterceptor.java2001/03/09 22:54:07 1.8 @@ -55,7 +55,7 @@ * * [Additional notices, if required by prior licensing conditions] * - */ + */ package org.apache.tomcat.modules.aaa; @@ -459,7 +459,7 @@ ServerSession session=req.getSession( false ); if( session == null ) { } - + String page=ctx.getFormLoginPage(); String errorPage=ctx.getFormErrorPage(); // assert errorPage!=null ( AccessInterceptor will check @@ -481,8 +481,15 @@ } String originalLocation = req.requestURI().toString(); - if (req.queryString().toString() != null) + if (req.queryString().toString() != null + !req.queryString().toString().equals("")) originalLocation += "?" + req.queryString().toString(); +//XXX is needed to put the JVM route too? +if (req.getSessionIdSource().equals(Request.SESSIONID_FROM_URL)){ +String id=";jsessionid="+req.getSessionId() ; +originalLocation += id ; +page += id ; +} session.setAttribute( "tomcat.auth.originalLocation", originalLocation); if( debug 0 ) 
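Review bot: In the AccessInterceptor hunk at line 481, `req.getSessionIdSource().equals(Request.SESSIONID_FROM_URL)` throws if the request has no session-id source; writing it constant-first, `Request.SESSIONID_FROM_URL.equals(req.getSessionIdSource())`, avoids that (whether the getter can return null is not visible here). The id is then appended to both `page` and the stored `originalLocation`, so the session id travels in URLs that can reach access logs and Referer headers; a comment saying this is only the cookie-less fallback would help. The `//XXX` question about the JVM route should be resolved or tracked before release.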
@@ -502,7 +509,7 @@ This is called after the user POST the form login page. */ class FormSecurityCheckHandler extends Handler { - + FormSecurityCheckHandler() { // setOrigin( Handler.ORIGIN_INTERNAL ); name="tomcat.formSecurityCheck"; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
costin 01/02/05 22:30:58 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: Use Parameters in AccessInterceptor. Revision ChangesPath 1.5 +9 -2 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- AccessInterceptor.java2001/01/29 07:08:45 1.4 +++ AccessInterceptor.java2001/02/06 06:30:58 1.5 @@ -61,6 +61,7 @@ import org.apache.tomcat.core.*; import org.apache.tomcat.util.*; +import org.apache.tomcat.util.http.*; import java.util.*; import java.io.*; @@ -511,8 +512,14 @@ public void doService(Request req, Response res) throws Exception { - String username=req.getParameter( "j_username" ); - String password=req.getParameter( "j_password" ); + // In order to process the form we need to read the POST + // body, if any + req.handlePostParameters(); + + Parameters params=req.parameters(); + + String username=params.getParameter( "j_username" ); + String password=params.getParameter( "j_password" ); Context ctx=req.getContext(); String errorPage=ctx.getFormErrorPage(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
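Review bot: `j_username` and `j_password` are read from `req.parameters()` in `doService` with no check of the request method, so if `parameters()` also holds query-string values (not visible here) the handler accepts credentials sent in a URL, where they end up in logs and browser history. A guard before `req.handlePostParameters()` that takes the handler's existing error path unless `"POST".equals(req.method().toString())` would close that. The new comment could also say what `handlePostParameters()` does when the body is missing or is not form-encoded. `doService` continues outside the hunk.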
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java
nacho 01/01/09 13:26:08 Modified:src/share/org/apache/tomcat/modules/aaa AccessInterceptor.java Log: A typo ( a cruel one :) Revision ChangesPath 1.3 +1 -1 jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java Index: AccessInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/aaa/AccessInterceptor.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- AccessInterceptor.java2001/01/01 02:07:23 1.2 +++ AccessInterceptor.java2001/01/09 21:26:07 1.3 @@ -307,7 +307,7 @@ return DECLINED; // no user roles - can't handle for( int i=0; i userRoles.length; i ++ ) { - for( int j=0; j roles.length; i ++ ) + for( int j=0; j roles.length; j ++ ) if( userRoles[i]!=null userRoles[i].equals( roles[j] )) return OK; // found the right role } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
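Review bot: The inner `for` still has no braces around its `if`, which is the layout in which the `i ++` slip went unnoticed in a role check; bracing both loops would make the nesting explicit. A small test with a user whose matching role is not the first entry of `roles` would pin this fix. The enclosing method starts and ends outside the hunk.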