AccessInterceptor bug

Dragos CERNAHOSCHI Tue, 06 Feb 2001 23:55:22 -0800
Hi

 ...I've tried to modify AccessInterceptor in order to use FORM
 authentication WITHOUT enabling cookies.
 The appended code stays between //HERE IS THE DIFFERENCE & // SOFTWIN: THE
 DIFFERENCE ENDS HERE. Unfortunately, I didn't succeed in copiling it. Could
 you take a look and  eventually send me back a "fixed" Tomcat?

  ...
 // SOFTWIN: HERE IS THE DIFFERENCE
  boolean noCookies=false;

  public void setNoCookies(boolean noCookies) {
         this.noCookies = noCookies;
  }
 // SOFTWIN: THE DIFFERENCE ENDS HERE
  ...
  class FormAuthHandler extends ServletWrapper {

     FormAuthHandler() {
         initialized=true;
         internal=true;
         name="tomcat.formAuthHandler";
     }

     public void doService(Request req, Response res)
         throws Exception
     {
         Context ctx=req.getContext();

         HttpSession session=req.getSession( false );
         if( session == null ) {
         }

         String page=ctx.getFormLoginPage();
         String errorPage=ctx.getFormErrorPage();
         // assert errorPage!=null ( AccessInterceptor will check
         // that and enable form login only if everything is ok

         session=req.getSession( true );
         String username=(String)session.getAttribute( "j_username" );

         if( debug>0) log( "Username = " + username);
         if( username != null ) {
             // 401 with existing j_username - that means wrong credentials.
             // Next time we'll have a fresh start
             session.removeAttribute( "j_username");
             session.removeAttribute( "j_password");
             req.setAttribute("javax.servlet.error.message",
                              errorPage );
             contextM.handleStatus( req, res, 302 ); // redirect
             return;
         }

     String originalLocation = req.getRequestURI();

 // SOFTWIN: HERE IS THE DIFFERENCE
         if (noCookies)
         {
                 originalLocation+="jsessionid="+session.getId();
         }
 // SOFTWIN: THE DIFFERENCE ENDS HERE

         if (req.getQueryString() != null)
             originalLocation += "?" + req.getQueryString();

         session.setAttribute( "tomcat.auth.originalLocation",
                               originalLocation);
         if( debug > 0 )
             log("Redirect1: " + page  + " originalUri=" +
req.getRequestURI());

         req.setAttribute("javax.servlet.error.message",
                          page );
         contextM.handleStatus( req, res, 302 ); // redirect
         return;
     }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
AccessInterceptor bug

Reply via email to
