craigmcc    01/03/13 18:17:23

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        AuthenticatorBase.java FormAuthenticator.java
               catalina/src/share/org/apache/catalina/connector
                        HttpRequestBase.java HttpResponseBase.java
               catalina/src/share/org/apache/catalina/core
                        StandardContextValve.java
               catalina/src/share/org/apache/catalina/session
                        ManagerBase.java PersistentManager.java
                        StandardSession.java
  Log:
  Restore the correct operation of form-based login.
  
  The problem was caused by the following scenario:
  - Form based login authenticator would create a session in which to
    cache the original request while sending the login page
  - The access() method of the new session was being called, which set
    the "isNew" property to false, even though the session id had not
    yet been communicated to the client
  - Because isNew was false, the session id cookie was never sent
  - When the form login page was received and processed, and the user
    correctly authenticated, no session id was included -- so the cached
    original request could not be recovered.  This triggered an
    "Error 400 - Bad Request" error
  
  As a side effect of this change, the last accessed time of a session is
  now correctly updated at the beginning of each request, whether or not the
  servlet actually calls request.getSession() to acquire a reference to it.
  See Servlet Specification, version 2.3 (PFD), Section 7.6 (p. 51).
  
  Revision  Changes    Path
  1.8       +5 -5      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
  
  Index: AuthenticatorBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- AuthenticatorBase.java    2001/01/23 02:53:02     1.7
  +++ AuthenticatorBase.java    2001/03/14 02:17:20     1.8
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
 1.7 2001/01/23 02:53:02 craigmcc Exp $
  - * $Revision: 1.7 $
  - * $Date: 2001/01/23 02:53:02 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
 1.8 2001/03/14 02:17:20 craigmcc Exp $
  + * $Revision: 1.8 $
  + * $Date: 2001/03/14 02:17:20 $
    *
    * ====================================================================
    *
  @@ -117,7 +117,7 @@
    * requests.  Requests of any other type will simply be passed through.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.7 $ $Date: 2001/01/23 02:53:02 $
  + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:20 $
    */
   
   
  @@ -167,7 +167,7 @@
       /**
        * The debugging detail level for this component.
        */
  -    protected int debug = 0;
  +    protected int debug = 99;
   
   
       /**
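Review bot: The default `debug` level goes from 0 to 99 in this hunk, which looks like a local debugging setting left in the commit rather than part of the form-login fix. Every authenticator that inherits this field would then log at full verbosity unless a deployment overrides it. The `debug >= 1` messages added to FormAuthenticator in this same commit include principal names and session ids. I would keep the shipped default quiet, `protected int debug = 0;`, and raise it through configuration when diagnosing.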
  
  
  
  1.7       +25 -8     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- FormAuthenticator.java    2000/12/16 04:03:29     1.6
  +++ FormAuthenticator.java    2001/03/14 02:17:20     1.7
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
 1.6 2000/12/16 04:03:29 craigmcc Exp $
  - * $Revision: 1.6 $
  - * $Date: 2000/12/16 04:03:29 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
 1.7 2001/03/14 02:17:20 craigmcc Exp $
  + * $Revision: 1.7 $
  + * $Date: 2001/03/14 02:17:20 $
    *
    * ====================================================================
    *
  @@ -88,7 +88,7 @@
    * Authentication, as described in the Servlet API Specification, Version 2.2.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.6 $ $Date: 2000/12/16 04:03:29 $
  + * @version $Revision: 1.7 $ $Date: 2001/03/14 02:17:20 $
    */
   
   public final class FormAuthenticator
  @@ -142,8 +142,12 @@
        // Have we already authenticated someone?
        Principal principal =
            ((HttpServletRequest) request.getRequest()).getUserPrincipal();
  -     if (principal != null)
  +     if (principal != null) {
  +            if (debug >= 1)
  +                log("Already authenticated '" +
  +                    principal.getName() + "'");
            return (true);
  +        }
   
        // Acquire references to objects we will need to evaluate
        HttpServletRequest hreq =
  @@ -159,8 +163,11 @@
        // displaying it twice (from the user's perspective) -- once because
        // of the "save and redirect" and once because of the "restore and
        // redirect" performed below.
  -     if (requestURI.equals(contextPath + config.getLoginPage()))
  +     if (requestURI.equals(contextPath + config.getLoginPage())) {
  +            if (debug >= 1)
  +                log("Requesting login page normally");
            return (true);      // Display the login page in the usual manner
  +        }
   
        // Is this the action request from the login page?
        boolean loginAction =
  @@ -170,6 +177,8 @@
        // No -- Save this request and redirect to the form login page
        if (!loginAction) {
            session = getSession(request, true);
  +            if (debug >= 1)
  +                log("Save request in session '" + session.getId() + "'");
            saveRequest(request, session);
            request.setRequestURI(contextPath + config.getLoginPage());
            return (true);      // Display the login page in the usual manner
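Review bot: The added `log("Save request in session '" + session.getId() + "'")` writes the complete session identifier to the log, and the `restore request from session` message in the last hunk of this file does the same. A session id is a bearer credential for as long as the session lives, so anyone with read access to the log could reuse it. `debug` is presumably the field inherited from AuthenticatorBase, whose default this commit raises to 99, which would make these lines active by default. I would drop the id from both messages, for example `log("Save request in session");`, or log only a short non-reversible reference to it. The enclosing method starts and ends outside this hunk.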
  @@ -182,6 +191,8 @@
        String password = hreq.getParameter(Constants.FORM_PASSWORD);
        principal = realm.authenticate(username, password);
        if (principal == null) {
  +            if (debug >= 1)
  +                log("Authentication failed, show error page");
            request.setRequestURI(contextPath + config.getErrorPage());
            return (true);      // Display the error page in the usual manner
        }
  @@ -189,10 +200,16 @@
   
        // Restore this request and redirect to the original request URI
           session = getSession(request, true);
  +        if (debug >= 1)
  +            log("restore request from session '" + session.getId() + "'");
           register(request, response, principal, Constants.FORM_METHOD);
  -     if (restoreRequest(request, session))
  +     if (restoreRequest(request, session)) {
  +            if (debug >= 1)
  +                log("Proceed to restored request");
            return (true);              // Perform the original request
  -     else {
  +     } else {
  +            if (debug >= 1)
  +                log("Restore of original request failed");
            hres.sendError(HttpServletResponse.SC_BAD_REQUEST);
               //           hres.flushBuffer();
            return (false);
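Review bot: After `realm.authenticate` succeeds, the code keeps using the session returned by `getSession(request, true)`, and nothing visible here gives the authenticated user a new session id. By the commit description, this is the session created before login to hold the saved request. An id issued to an unauthenticated client therefore becomes an authenticated one once `register(...)` runs, which is the precondition for session fixation. Whether `register` or `restoreRequest` renews the id cannot be seen from this hunk. At minimum I would record the assumption at the call, `// session id predates authentication and is not renewed here`, and track renewal as a follow-up. The method body starts before and continues after the hunk.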
  
  
  
  1.17      +4 -5      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
  
  Index: HttpRequestBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- HttpRequestBase.java      2001/02/04 00:47:59     1.16
  +++ HttpRequestBase.java      2001/03/14 02:17:21     1.17
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
 1.16 2001/02/04 00:47:59 glenn Exp $
  - * $Revision: 1.16 $
  - * $Date: 2001/02/04 00:47:59 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
 1.17 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.17 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -100,7 +100,7 @@
    * be implemented.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.16 $ $Date: 2001/02/04 00:47:59 $
  + * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $
    */
   
   public class HttpRequestBase
  @@ -1042,7 +1042,6 @@
            if ((session != null) && !session.isValid())
                session = null;
            if (session != null) {
  -             session.access();
                return (session.getSession());
            }
        }
  
  
  
  1.28      +12 -12    
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java
  
  Index: HttpResponseBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- HttpResponseBase.java     2001/02/04 00:48:21     1.27
  +++ HttpResponseBase.java     2001/03/14 02:17:21     1.28
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
 1.27 2001/02/04 00:48:21 glenn Exp $
  - * $Revision: 1.27 $
  - * $Date: 2001/02/04 00:48:21 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
 1.28 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.28 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -99,7 +99,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.27 $ $Date: 2001/02/04 00:48:21 $
  + * @version $Revision: 1.28 $ $Date: 2001/03/14 02:17:21 $
    */
   
   public class HttpResponseBase
  @@ -541,9 +541,9 @@
            outputWriter.print(message);
        }
        outputWriter.print("\r\n");
  -        //        System.out.println("sendHeaders: " +
  -        //                           request.getRequest().getProtocol() +
  -        //                           " " + status + " " + message);
  +        // System.out.println("sendHeaders: " +
  +        //                    request.getRequest().getProtocol() +
  +        //                    " " + status + " " + message);
   
        // Send the content-length and content-type headers (if any)
        if (getContentType() != null) {
  @@ -604,17 +604,17 @@
                outputWriter.print(": ");
                outputWriter.print(CookieTools.getCookieHeaderValue(cookie));
                outputWriter.print("\r\n");
  -                // System.out.println(" " +
  -                // CookieTools.getCookieHeaderName(cookie) +
  -                //     ": " +
  -                //     CookieTools.getCookieHeaderValue(cookie));
  +                //System.out.println(" " +
  +                //                   CookieTools.getCookieHeaderName(cookie) +
  +                //                   ": " +
  +                //                   CookieTools.getCookieHeaderValue(cookie));
            }
        }
   
        // Send a terminating blank line to mark the end of the headers
        outputWriter.print("\r\n");
        outputWriter.flush();
  -        //        System.out.println("----------");
  +        // System.out.println("----------");
   
           // The response is now committed
           committed = true;
  
  
  
  1.8       +21 -9     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java
  
  Index: StandardContextValve.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- StandardContextValve.java 2001/01/25 18:36:26     1.7
  +++ StandardContextValve.java 2001/03/14 02:17:21     1.8
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
 1.7 2001/01/25 18:36:26 remm Exp $
  - * $Revision: 1.7 $
  - * $Date: 2001/01/25 18:36:26 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
 1.8 2001/03/14 02:17:21 craigmcc Exp $
  + * $Revision: 1.8 $
  + * $Date: 2001/03/14 02:17:21 $
    *
    * ====================================================================
    *
  @@ -73,8 +73,10 @@
   import javax.naming.NamingException;
   import org.apache.naming.ContextBindings;
   import org.apache.catalina.Container;
  +import org.apache.catalina.Manager;
   import org.apache.catalina.Request;
   import org.apache.catalina.Response;
  +import org.apache.catalina.Session;
   import org.apache.catalina.ValveContext;
   import org.apache.catalina.Wrapper;
   import org.apache.catalina.util.StringManager;
  @@ -89,7 +91,7 @@
    * when processing HTTP requests.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.7 $ $Date: 2001/01/25 18:36:26 $
  + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:21 $
    */
   
   final class StandardContextValve
  @@ -152,10 +154,9 @@
        }
   
           // Disallow any direct access to resources under WEB-INF or META-INF
  -        String contextPath =
  -            ((HttpServletRequest) request.getRequest()).getContextPath();
  -        String requestURI =
  -            ((HttpServletRequest) request.getRequest()).getRequestURI();
  +        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
  +        String contextPath = hreq.getContextPath();
  +        String requestURI = hreq.getRequestURI();
           String relativeURI =
               requestURI.substring(contextPath.length()).toUpperCase();
           if (relativeURI.equals("/META-INF") ||
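Review bot: The WEB-INF/META-INF guard that this refactoring feeds still upper-cases with the no-argument `toUpperCase()`, so the comparison depends on the JVM's default locale. In a locale with different case-mapping rules, the upper-cased path may no longer equal the ASCII constants, and the guard would then not match. Since the lines are being touched anyway, I would pin the locale: `requestURI.substring(contextPath.length()).toUpperCase(Locale.ENGLISH);` (with `java.util.Locale` imported). The `if` that performs the comparison continues past the end of this hunk, so the remaining conditions are not visible here.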
  @@ -171,8 +172,19 @@
               return;
           }
   
  -     // Select the Wrapper to be used for this Request
  +        // Update the session last access time for our session (if any)
        StandardContext context = (StandardContext) getContainer();
  +        String sessionId = hreq.getRequestedSessionId();
  +        if (sessionId != null) {
  +            Manager manager = context.getManager();
  +            if (manager != null) {
  +                Session session = manager.findSession(sessionId);
  +                if ((session != null) && session.isValid())
  +                    session.access();
  +            }
  +        }
  +
  +     // Select the Wrapper to be used for this Request
        Wrapper wrapper = (Wrapper) context.map(request, true);
        if (wrapper == null) {
               notFound(requestURI, (HttpServletResponse) response.getResponse());
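Review bot: The session touch added before wrapper selection is keyed on `hreq.getRequestedSessionId()`, which the client supplies. Every request carrying an id now calls `manager.findSession()` and refreshes the idle timer, even when the request ends in `notFound()` just below. With the PersistentManager changed in this same commit, that lookup can reach `swapIn(id)`. A store failure would therefore presumably surface here for all requests rather than only for those that ask for a session. Whether the enclosing method handles or propagates that failure is outside the hunk. I would document this at the call site, e.g. `// id is client-supplied; findSession() may swap in from the Store and can fail`, and confirm the failure path does not abort unrelated requests.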
  
  
  
  1.5       +4 -6      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java
  
  Index: ManagerBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ManagerBase.java  2001/02/03 20:36:20     1.4
  +++ ManagerBase.java  2001/03/14 02:17:22     1.5
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
 1.4 2001/02/03 20:36:20 remm Exp $
  - * $Revision: 1.4 $
  - * $Date: 2001/02/03 20:36:20 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
 1.5 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.5 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -86,7 +86,7 @@
    * be subclassed to create more sophisticated Manager implementations.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.4 $ $Date: 2001/02/03 20:36:20 $
  + * @version $Revision: 1.5 $ $Date: 2001/03/14 02:17:22 $
    */
   
   public abstract class ManagerBase implements Manager {
  @@ -547,8 +547,6 @@
            return (null);
        synchronized (sessions) {
            Session session = (Session) sessions.get(id);
  -         if (session != null)
  -             session.access();
            return (session);
        }
   
  
  
  
  1.2       +4 -6      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java
  
  Index: PersistentManager.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- PersistentManager.java    2001/02/03 20:36:21     1.1
  +++ PersistentManager.java    2001/03/14 02:17:22     1.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
 1.1 2001/02/03 20:36:21 remm Exp $
  - * $Revision: 1.1 $
  - * $Date: 2001/02/03 20:36:21 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v
 1.2 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.2 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -106,7 +106,7 @@
    * <li>Limit the number of active sessions kept in memory by
    *     swapping less active sessions out to disk.</li>
    *
  - * @version $Revision: 1.1 $
  + * @version $Revision: 1.2 $
    * @author Kief Morris ([EMAIL PROTECTED])
    */
   
  @@ -464,8 +464,6 @@
                maxIdleBackup >= 0)
            session = swapIn(id);
   
  -     if (session != null)
  -         session.access();
        return (session);
   
       }
  
  
  
  1.14      +5 -5      
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java
  
  Index: StandardSession.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- StandardSession.java      2001/02/06 17:12:26     1.13
  +++ StandardSession.java      2001/03/14 02:17:22     1.14
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
 1.13 2001/02/06 17:12:26 craigmcc Exp $
  - * $Revision: 1.13 $
  - * $Date: 2001/02/06 17:12:26 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
 1.14 2001/03/14 02:17:22 craigmcc Exp $
  + * $Revision: 1.14 $
  + * $Date: 2001/03/14 02:17:22 $
    *
    * ====================================================================
    *
  @@ -110,7 +110,7 @@
    * @author Craig R. McClanahan
    * @author Sean Legassick
    * @author <a href="mailto:[EMAIL PROTECTED]">Jon S. Stevens</a>
  - * @version $Revision: 1.13 $ $Date: 2001/02/06 17:12:26 $
  + * @version $Revision: 1.14 $ $Date: 2001/03/14 02:17:22 $
    */
   
   class StandardSession
  @@ -481,7 +481,7 @@
        */
       public void access() {
   
  -     this.isNew = false;
  +        this.isNew = false;
        this.lastAccessedTime = this.thisAccessedTime;
        this.thisAccessedTime = System.currentTimeMillis();
   
  
  
  
