Author: markt
Date: Wed Oct  5 13:52:58 2016
New Revision: 1763450

URL: http://svn.apache.org/viewvc?rev=1763450&view=rev
Log:
Ensure that the isMandatory flag is correctly set when using JASPIC 
authentication.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1763450&r1=1763449&r2=1763450&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
Wed Oct  5 13:52:58 2016
@@ -506,23 +506,26 @@ public abstract class AuthenticatorBase
 
         // Since authenticate modifies the response on failure,
         // we have to check for allow-from-all first.
-        if (!authRequired && constraints != null) {
-            authRequired = true;
-            for (int i = 0; i < constraints.length && authRequired; i++) {
+        boolean hasAuthConstraint = false;
+        if (constraints != null) {
+            hasAuthConstraint = true;
+            for (int i = 0; i < constraints.length && hasAuthConstraint; i++) {
                 if (!constraints[i].getAuthConstraint()) {
-                    authRequired = false;
-                    break;
+                    hasAuthConstraint = false;
                 } else if (!constraints[i].getAllRoles() &&
                         !constraints[i].getAuthenticatedUsers()) {
                     String[] roles = constraints[i].findAuthRoles();
                     if (roles == null || roles.length == 0) {
-                        authRequired = false;
-                        break;
+                        hasAuthConstraint = false;
                     }
                 }
             }
         }
 
+        if (!authRequired && hasAuthConstraint) {
+            authRequired = true;
+        }
+
         if (!authRequired && context.getPreemptiveAuthentication()) {
             authRequired =
                     
request.getCoyoteRequest().getMimeHeaders().getValue("authorization") != null;
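Review bot: `hasAuthConstraint` needs a comment at its declaration, because the name understates what the loop computes. It ends up false when any matching constraint has no auth constraint, and also when one names no roles while being neither all-roles nor authenticated-users; that value now also feeds the JASPIC mandatory flag later in the method. With the `break` statements gone, the loop stops only through the `&& hasAuthConstraint` condition, which is easy to miss on a later edit. I would add `// True only if every matching constraint requires authentication and names a role, all roles or any authenticated user; also passed to JASPIC as the mandatory flag.` above the declaration. The enclosing method starts and ends outside this hunk.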
@@ -542,7 +545,7 @@ public abstract class AuthenticatorBase
             }
 
             if (jaspicProvider != null) {
-                jaspicState = getJaspicState(jaspicProvider, request, 
response);
+                jaspicState = getJaspicState(jaspicProvider, request, 
response, hasAuthConstraint);
                 if (jaspicState == null) {
                     return;
                 }
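Review bot: At this call `authRequired` and the mandatory flag can disagree, and nothing here says that is intended. The previous hunk still sets `authRequired` from the preemptive `authorization` header check, yet the module is told the request is non-mandatory whenever `hasAuthConstraint` is false. A module may presumably report success on a non-mandatory request without establishing a caller, so the code after this block (outside the hunk) should not treat that outcome as an authenticated user; I could not confirm this from the visible lines. A comment would record the intent, e.g. `// isMandatory reflects the constraints only; authRequired may also be true for preemptive authentication`.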
@@ -601,7 +604,7 @@ public abstract class AuthenticatorBase
             return doAuthenticate(request, httpResponse);
         } else {
             Response response = request.getResponse();
-            JaspicState jaspicState = getJaspicState(jaspicProvider, request, 
response);
+            JaspicState jaspicState = getJaspicState(jaspicProvider, request, 
response, true);
             if (jaspicState == null) {
                 return false;
             }
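Review bot: The bare `true` passed to `getJaspicState` here does not say why this path is always mandatory, and the new `authMandatory` parameter in the next hunk is undocumented as well. I would annotate the argument as `response, /* authMandatory */ true);` and add a one-line comment that this path is an explicit authentication request, if that is what this method is (its signature is outside the hunk). On `getJaspicState`, a short Javadoc should say that `authMandatory` becomes the third `MessageInfoImpl` argument and that a `null` return means the caller must stop processing, as both visible call sites do. Both method bodies extend beyond their hunks.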
@@ -627,11 +630,11 @@ public abstract class AuthenticatorBase
 
 
     private JaspicState getJaspicState(AuthConfigProvider jaspicProvider, 
Request request,
-            Response response) throws IOException {
+            Response response, boolean authMandatory) throws IOException {
         JaspicState jaspicState = new JaspicState();
 
         jaspicState.messageInfo =
-                new MessageInfoImpl(request.getRequest(), 
response.getResponse(), true);
+                new MessageInfoImpl(request.getRequest(), 
response.getResponse(), authMandatory);
 
         try {
             ServerAuthConfig serverAuthConfig = 
jaspicProvider.getServerAuthConfig(

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1763450&r1=1763449&r2=1763450&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Oct  5 13:52:58 2016
@@ -117,6 +117,10 @@
         where the current class loader is a child of the web application class
         loader. (markt)
       </fix>
+      <fix>
+        <bug>60196</bug>: Ensure that the <code>isMandatory</code> flag is
+        correctly set when using JASPIC authentication. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


