luehe 2005/04/01 13:18:28
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Do not add context path to login and error pages, since we are
comparing them against request.getRequestPathMB().toString(),
which does not include context path.
luehe 2005/03/02 11:27:11
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Consider the case where original request was mapped to welcome page.
In this case, the mapped welcome page (and not the original request
URI!) needs to be the target of
[EMAIL PROTECTED] wrote:
luehe 2005/03/02 11:27:11
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Consider the case where original request was mapped to welcome page.
In this case, the mapped welcome page (and not the original request
URI!) needs to
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List tomcat-dev@jakarta.apache.org
Sent: Wednesday, March 02, 2005 11:56 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
[EMAIL PROTECTED
Bill/Remy,
Bill Barker wrote:
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List tomcat-dev@jakarta.apache.org
Sent: Wednesday, March 02, 2005 11:56 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
Jan Luehe wrote:
Bill/Remy,
But SRV.9.10 (Welcome Files) already has this:
The container may send the request to the welcome resource with
a forward, a redirect, or a container specific mechanism
**that is indistinguishable from a direct request**.
The latter to me implies that any sec
- Original Message -
From: Jan Luehe [EMAIL PROTECTED]
To: Tomcat Developers List tomcat-dev@jakarta.apache.org
Sent: Wednesday, March 02, 2005 12:51 PM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
Bill/Remy,
Bill Barker
Remy,
Remy Maucherat wrote:
Jan Luehe wrote:
Bill/Remy,
But SRV.9.10 (Welcome Files) already has this:
The container may send the request to the welcome resource with
a forward, a redirect, or a container specific mechanism
**that is indistinguishable from a direct request**.
The
Jan Luehe wrote:
Remy,
Remy Maucherat wrote:
Jan Luehe wrote:
Bill/Remy,
But SRV.9.10 (Welcome Files) already has this:
The container may send the request to the welcome resource with
a forward, a redirect, or a container specific mechanism
**that is indistinguishable from a direct request**.
The
Bill,
Bill Barker wrote:
- Original Message -
From: Jan Luehe [EMAIL PROTECTED]
To: Tomcat Developers List tomcat-dev@jakarta.apache.org
Sent: Wednesday, March 02, 2005 12:51 PM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
pero2005/01/06 12:15:23
Modified:catalina/src/share/org/apache/catalina/realm Tag: TOMCAT_5_0
RealmBase.java
Log:
Hups a strange typo..
Revision ChangesPath
No revision
No revision
1.33.2.4 +2 -2
markt 2004/10/25 11:31:57
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Enable digested credentials to be used with DIGEST authentication
- The credentials must be the MD5 digest of
username:realmname:password
Note: The digests that must
remm2004/10/05 00:54:07
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Refactor the commented out sys outs as a debug logging statement.
Revision ChangesPath
1.39 +9 -18
yoavs 2004/08/30 13:31:42
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Better null checking in RealmBase#findSecurityConstraints: see Bugzlla 30624.
Revision ChangesPath
1.37 +65 -5
yoavs 2004/05/26 08:51:25
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Minor JavaDoc fixes (Bugzilla 28335)
Revision ChangesPath
1.33 +4 -4
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
luehe 2004/04/19 13:42:01
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Exempt welcome pages from any security-constraint checks.
The Servlet 2.4 spec does not require this (and there are no CTS tests
for this), but it seems like a reasonable
[EMAIL PROTECTED] wrote:
luehe 2004/04/19 13:42:01
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Exempt welcome pages from any security-constraint checks.
The Servlet 2.4 spec does not require this (and there are no CTS tests
for this), but it
luehe 2004/04/19 16:13:08
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Reverted previous patch
Revision ChangesPath
1.32 +2 -27
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
Index:
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 1:42 PM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
luehe 2004/04/19 13:42:01
Modified:catalina/src/share/org
[EMAIL PROTECTED] wrote:
billbarker2004/02/06 21:54:32
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Went back and re-read the spec.
A url-pattern of /protected/* must match a request for /protected. Hence a special case for this one.
Revision
billbarker2004/02/06 21:24:08
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Fix stupid off-by-one bug.
Before, a url-pattern of /s/* would match /simon/rant.html
Reported by: Yann Cebron [EMAIL PROTECTED]
Revision ChangesPath
1.28
billbarker2004/02/06 21:54:32
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Went back and re-read the spec.
A url-pattern of /protected/* must match a request for /protected. Hence a special
case for this one.
Revision ChangesPath
1.29
luehe 2004/01/21 10:46:19
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Fix for Bugtraq 4932547: Replaced SC_INTERNAL_SERVER_ERROR with
SC_FORBIDDEN if anonymous access (caused by missing
login-config/auth-method in web.xml) is not allowed
Bill Barker wrote:
remm2004/01/10 09:23:39
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- findMethod wasn't called on the right collection.
- The algorithm ignored extension mapped constraints as long as a
widcard
or exact mapped constraint was
remm2004/01/11 01:23:42
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Ooops. Put back the if(found) blocks.
Revision ChangesPath
1.25 +11 -11
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
[EMAIL PROTECTED] wrote:
remm2004/01/11 01:23:42
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Ooops. Put back the if(found) blocks.
I left in some of my changes:
@@ -457,10 +457,7 @@
// Check each defined security constraint
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Sunday, January 11, 2004 1:27 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
[EMAIL PROTECTED] wrote:
remm
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Sunday, January 11, 2004 1:18 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
Bill Barker wrote:
remm
remm2004/01/10 09:23:39
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- findMethod wasn't called on the right collection.
- The algorithm ignored extension mapped constraints as long as a widcard
or exact mapped constraint was found. This
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 10, 2004 9:23 AM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
remm2004/01/10 09:23:39
Modified:catalina/src/share/org
remm2003/12/26 09:33:44
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Fix nasty cut paste bug in the algorithm.
- I found this because there was no longer any challenge on many URLs
when accessing the manager webapp.
Revision Changes
in message
news:[EMAIL PROTECTED]
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 1:40 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
Bill Barker wrote:
N.B. The Filter mapping code looks broken to me. It looks like if I have a
mapping for a url-pattern '*.jsp' that has dispatcherINCLUDE/dispatcher,
then it will incorrectly match a jsp:include page=header.jspf /.
However, I haven't actually tested it. :).
I think there's an
Remy Maucherat wrote:
Bill Barker wrote:
N.B. The Filter mapping code looks broken to me. It looks like if I
have a
mapping for a url-pattern '*.jsp' that has
dispatcherINCLUDE/dispatcher,
then it will incorrectly match a jsp:include page=header.jspf /.
However, I haven't actually tested it.
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 11:55 PM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
Remy Maucherat wrote
[EMAIL PROTECTED] wrote:
billbarker2003/12/10 21:50:39
Modified:catalina/src/share/org/apache/catalina Realm.java
catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java catalina/src/share/org/apache/catalina/realm
RealmBase.java Log: First attempt to get Tomcat
Hi,
I've been refactoring the piece of code I sent last time, and I've got that
now :
- the following method just replaces the
findSecurityConstraints(HttpRequest request, Context context) method in
RealmBase
- there is this static Map cache which caches the fake Constraints
mapped to
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 1:40 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
[EMAIL PROTECTED] wrote
Bill Barker wrote:
[EMAIL PROTECTED] wrote:
billbarker2003/12/10 21:50:39
Modified:catalina/src/share/org/apache/catalina Realm.java
catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java catalina/src/share/org/apache/catalina/realm
RealmBase.java Log: First attempt
billbarker2003/12/11 22:16:18
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Getting back to strict compliance with the Spec for AAA.
My last patch included and illegal optimization (check methods before checking
path). Now methods are correctly
billbarker2003/12/11 22:24:36
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Trying to escape the dreaded tap-police ;-).
No functional changes.
Revision ChangesPath
1.22 +9 -9
commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
[EMAIL PROTECTED] wrote:
amyroh 2003/12/08 17:54:33
Modified:catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
catalina
billbarker2003/12/10 21:50:39
Modified:catalina/src/share/org/apache/catalina Realm.java
catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
[EMAIL PROTECTED] wrote:
amyroh 2003/12/08 16:50:58
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Strip out uri parameters (;*) during filter mappings or security constraints
matching - bugtraq 4903209.
-1 for all these patches. I'd like an explanation
[EMAIL PROTECTED] wrote:
amyroh 2003/12/08 17:54:33
Modified:catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Revert the patch. Seems like this case is
How do I join as Developer...
Basu.
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 3:12 PM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
amyroh 2003/12/08 17:54:33
Modified:catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
catalina/src/share/org/apache/catalina/realm
RealmBase.java
Log:
Revert the patch.
amyroh 2003/12/08 16:50:58
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Strip out uri parameters (;*) during filter mappings or security constraints
matching - bugtraq 4903209.
Revision ChangesPath
1.18 +16 -4
amyroh 2003/12/08 17:54:33
Modified:catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Revert the patch. Seems like this case is already handled in the
billbarker2003/08/25 21:04:56
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Simplifying the code by hiding the arrayCopy. No real functional changes.
Revision ChangesPath
1.15 +5 -5
remm2003/08/26 01:46:48
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Bug 22698: Restore RealmBase.main(). There doesn't seem to be any side
effect, so there's no reason to remove it at this time.
Revision ChangesPath
1.16 +23
remm2003/05/27 10:02:36
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Refactor without using SSL URLs, similar to what is done for sendRedirect.
Revision ChangesPath
1.13 +15 -22
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 27, 2003 10:02 AM
Subject: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java
remm2003/05/27 10:02:36
Modified:catalina/src/share/org
costin 2003/03/20 07:57:40
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Simplify ( refactored common operations )
Start work on unregistration.
Revision ChangesPath
1.8 +18 -29
costin 2003/03/17 11:24:13
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
Registration.
I also commented out main() - if it is really used, it should be in a separate
class - in startup for example.
The main() in Embeded should also be removed
remm2002/08/15 10:47:04
Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
Log:
- Remove double URI decoding.
- This could improve performance as well as fix i18n issues.
- This may have been a security issue.
- Reported by Juergen Pill Juergen.Pill at
56 matches
Mail list logo
