craigmcc 01/03/13 18:17:23 Modified: catalina/src/share/org/apache/catalina/authenticator AuthenticatorBase.java FormAuthenticator.java catalina/src/share/org/apache/catalina/connector HttpRequestBase.java HttpResponseBase.java catalina/src/share/org/apache/catalina/core StandardContextValve.java catalina/src/share/org/apache/catalina/session ManagerBase.java PersistentManager.java StandardSession.java Log: Restore the correct operation of form-based login. The problem was caused by the following scenario: - Form based login authenticator would create a session in which to cache the original request while sending the login page - The access() method of the new session was being called, which set the "isNew" property to false, even though the session id had not yet been communicated to the client - Because isNew was false, the session id cookie was never sent - When the form login page was received and processed, and the user correctly authenticated, no session id was included -- so the cached original request could not be recovered. This triggered an "Error 400 - Bad Request" error As a side effect of this change, the last accessed time of a session is now correctly updated at the beginning of each request, whether or not the servlet actually calls request.getSession() to acquire a reference to it. See Servlet Specification, version 2.3 (PFD), Section 7.6 (p. 51). Revision Changes Path 1.8 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java Index: AuthenticatorBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- AuthenticatorBase.java 2001/01/23 02:53:02 1.7 +++ AuthenticatorBase.java 2001/03/14 02:17:20 1.8 
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.7 2001/01/23 02:53:02 craigmcc Exp $ - * $Revision: 1.7 $ - * $Date: 2001/01/23 02:53:02 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v 1.8 2001/03/14 02:17:20 craigmcc Exp $ + * $Revision: 1.8 $ + * $Date: 2001/03/14 02:17:20 $ * * ==================================================================== * @@ -117,7 +117,7 @@ * requests. Requests of any other type will simply be passed through. * * @author Craig R. McClanahan - * @version $Revision: 1.7 $ $Date: 2001/01/23 02:53:02 $ + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:20 $ */ @@ -167,7 +167,7 @@ /** * The debugging detail level for this component. */ - protected int debug = 0; + protected int debug = 99; /** 1.7 +25 -8 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java Index: FormAuthenticator.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- FormAuthenticator.java 2000/12/16 04:03:29 1.6 +++ FormAuthenticator.java 2001/03/14 02:17:20 1.7 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v 1.6 2000/12/16 04:03:29 craigmcc Exp $ - * $Revision: 1.6 $ - * $Date: 2000/12/16 04:03:29 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v 1.7 2001/03/14 02:17:20 craigmcc Exp $ + * $Revision: 1.7 $ + * $Date: 2001/03/14 02:17:20 $ * * ==================================================================== * 
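Review bot: The default in AuthenticatorBase.java (hunk `@@ -167,7 +167,7 @@`) changes to `protected int debug = 99;`, which looks like a setting left over from tracing this bug rather than part of the fix. With that default, every authenticator that is not configured otherwise emits the `debug >= 1` messages this commit adds to FormAuthenticator, and those include principal names and session ids. Keep `protected int debug = 0;` and raise the level through configuration when tracing is needed. Whether a configured value overrides the field initializer is not visible in this hunk.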
@@ -88,7 +88,7 @@ * Authentication, as described in the Servlet API Specification, Version 2.2. * * @author Craig R. McClanahan - * @version $Revision: 1.6 $ $Date: 2000/12/16 04:03:29 $ + * @version $Revision: 1.7 $ $Date: 2001/03/14 02:17:20 $ */ public final class FormAuthenticator @@ -142,8 +142,12 @@ // Have we already authenticated someone? Principal principal = ((HttpServletRequest) request.getRequest()).getUserPrincipal(); - if (principal != null) + if (principal != null) { + if (debug >= 1) + log("Already authenticated '" + + principal.getName() + "'"); return (true); + } // Acquire references to objects we will need to evaluate HttpServletRequest hreq = @@ -159,8 +163,11 @@ // displaying it twice (from the user's perspective) -- once because // of the "save and redirect" and once because of the "restore and // redirect" performed below. - if (requestURI.equals(contextPath + config.getLoginPage())) + if (requestURI.equals(contextPath + config.getLoginPage())) { + if (debug >= 1) + log("Requesting login page normally"); return (true); // Display the login page in the usual manner + } // Is this the action request from the login page? boolean loginAction = @@ -170,6 +177,8 @@ // No -- Save this request and redirect to the form login page if (!loginAction) { session = getSession(request, true); + if (debug >= 1) + log("Save request in session '" + session.getId() + "'"); saveRequest(request, session); request.setRequestURI(contextPath + config.getLoginPage()); return (true); // Display the login page in the usual manner @@ -182,6 +191,8 @@ String password = hreq.getParameter(Constants.FORM_PASSWORD); principal = realm.authenticate(username, password); if (principal == null) { + if (debug >= 1) + log("Authentication failed, show error page"); request.setRequestURI(contextPath + config.getErrorPage()); return (true); // Display the error page in the usual manner } 
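Review bot: The new message in the `@@ -170,6 +177,8 @@` hunk, `log("Save request in session '" + session.getId() + "'");`, writes the full session id to the log, and the `@@ -189,10 +200,16 @@` hunk does the same with `"restore request from session '"`. A session id works as a credential for as long as the session lives, so anyone who can read the log can reuse it. Drop the id and keep the event, e.g. `log("Saving original request in session");`, or log only a shortened form that cannot be replayed. The enclosing method starts and ends outside these hunks.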
@@ -189,10 +200,16 @@ // Restore this request and redirect to the original request URI session = getSession(request, true); + if (debug >= 1) + log("restore request from session '" + session.getId() + "'"); register(request, response, principal, Constants.FORM_METHOD); - if (restoreRequest(request, session)) + if (restoreRequest(request, session)) { + if (debug >= 1) + log("Proceed to restored request"); return (true); // Perform the original request - else { + } else { + if (debug >= 1) + log("Restore of original request failed"); hres.sendError(HttpServletResponse.SC_BAD_REQUEST); // hres.flushBuffer(); return (false); 1.17 +4 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java Index: HttpRequestBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- HttpRequestBase.java 2001/02/04 00:47:59 1.16 +++ HttpRequestBase.java 2001/03/14 02:17:21 1.17 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.16 2001/02/04 00:47:59 glenn Exp $ - * $Revision: 1.16 $ - * $Date: 2001/02/04 00:47:59 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v 1.17 2001/03/14 02:17:21 craigmcc Exp $ + * $Revision: 1.17 $ + * $Date: 2001/03/14 02:17:21 $ * * ==================================================================== * @@ -100,7 +100,7 @@ * be implemented. * * @author Craig R. McClanahan - * @version $Revision: 1.16 $ $Date: 2001/02/04 00:47:59 $ + * @version $Revision: 1.17 $ $Date: 2001/03/14 02:17:21 $ */ public class HttpRequestBase 
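Review bot: In the `@@ -189,10 +200,16 @@` hunk the principal is registered and the request restored on the session whose id was issued before login (`session = getSession(request, true);` followed by `register(...)`), and no id renewal is visible. If `register` associates the principal with that session, which this hunk does not show, an id known before authentication stays valid afterwards; that is the precondition for session fixation. Consider moving the saved request to a newly created session once `realm.authenticate` has succeeded and invalidating the old one, and until then mark the spot with a comment such as `// NOTE: session id predates authentication; renew before binding the principal`. The method body continues outside the hunk.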
@@ -1042,7 +1042,6 @@ if ((session != null) && !session.isValid()) session = null; if (session != null) { - session.access(); return (session.getSession()); } } 1.28 +12 -12 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java Index: HttpResponseBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- HttpResponseBase.java 2001/02/04 00:48:21 1.27 +++ HttpResponseBase.java 2001/03/14 02:17:21 1.28 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v 1.27 2001/02/04 00:48:21 glenn Exp $ - * $Revision: 1.27 $ - * $Date: 2001/02/04 00:48:21 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v 1.28 2001/03/14 02:17:21 craigmcc Exp $ + * $Revision: 1.28 $ + * $Date: 2001/03/14 02:17:21 $ * * ==================================================================== * @@ -99,7 +99,7 @@ * * @author Craig R. McClanahan * @author Remy Maucherat - * @version $Revision: 1.27 $ $Date: 2001/02/04 00:48:21 $ + * @version $Revision: 1.28 $ $Date: 2001/03/14 02:17:21 $ */ public class HttpResponseBase @@ -541,9 +541,9 @@ outputWriter.print(message); } outputWriter.print("\r\n"); - // System.out.println("sendHeaders: " + - // request.getRequest().getProtocol() + - // " " + status + " " + message); + // System.out.println("sendHeaders: " + + // request.getRequest().getProtocol() + + // " " + status + " " + message); // Send the content-length and content-type headers (if any) if (getContentType() != null) { 
@@ -604,17 +604,17 @@ outputWriter.print(": "); outputWriter.print(CookieTools.getCookieHeaderValue(cookie)); outputWriter.print("\r\n"); - // System.out.println(" " + - // CookieTools.getCookieHeaderName(cookie) + - // ": " + - // CookieTools.getCookieHeaderValue(cookie)); + //System.out.println(" " + + // CookieTools.getCookieHeaderName(cookie) + + // ": " + + // CookieTools.getCookieHeaderValue(cookie)); } } // Send a terminating blank line to mark the end of the headers outputWriter.print("\r\n"); outputWriter.flush(); - // System.out.println("----------"); + // System.out.println("----------"); // The response is now committed committed = true; 1.8 +21 -9 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java Index: StandardContextValve.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- StandardContextValve.java 2001/01/25 18:36:26 1.7 +++ StandardContextValve.java 2001/03/14 02:17:21 1.8 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v 1.7 2001/01/25 18:36:26 remm Exp $ - * $Revision: 1.7 $ - * $Date: 2001/01/25 18:36:26 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v 1.8 2001/03/14 02:17:21 craigmcc Exp $ + * $Revision: 1.8 $ + * $Date: 2001/03/14 02:17:21 $ * * ==================================================================== * 
@@ -73,8 +73,10 @@ import javax.naming.NamingException; import org.apache.naming.ContextBindings; import org.apache.catalina.Container; +import org.apache.catalina.Manager; import org.apache.catalina.Request; import org.apache.catalina.Response; +import org.apache.catalina.Session; import org.apache.catalina.ValveContext; import org.apache.catalina.Wrapper; import org.apache.catalina.util.StringManager; @@ -89,7 +91,7 @@ * when processing HTTP requests. * * @author Craig R. McClanahan - * @version $Revision: 1.7 $ $Date: 2001/01/25 18:36:26 $ + * @version $Revision: 1.8 $ $Date: 2001/03/14 02:17:21 $ */ final class StandardContextValve @@ -152,10 +154,9 @@ } // Disallow any direct access to resources under WEB-INF or META-INF - String contextPath = - ((HttpServletRequest) request.getRequest()).getContextPath(); - String requestURI = - ((HttpServletRequest) request.getRequest()).getRequestURI(); + HttpServletRequest hreq = (HttpServletRequest) request.getRequest(); + String contextPath = hreq.getContextPath(); + String requestURI = hreq.getRequestURI(); String relativeURI = requestURI.substring(contextPath.length()).toUpperCase(); if (relativeURI.equals("/META-INF") || 
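Review bot: The WEB-INF/META-INF guard in the `@@ -152,10 +154,9 @@` hunk normalises case with `requestURI.substring(contextPath.length()).toUpperCase()`, which uses the JVM default locale. Under a locale with special casing rules for `i`, the result no longer equals the ASCII literals it is compared with, so the guard can miss a path it is meant to block. While these lines are being touched, pin the locale: `requestURI.substring(contextPath.length()).toUpperCase(Locale.ENGLISH);` (needs `import java.util.Locale;`). The comparison continues past the end of the hunk, so the rest of the check is not visible here.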
@@ -171,8 +172,19 @@ return; } - // Select the Wrapper to be used for this Request + // Update the session last access time for our session (if any) StandardContext context = (StandardContext) getContainer(); + String sessionId = hreq.getRequestedSessionId(); + if (sessionId != null) { + Manager manager = context.getManager(); + if (manager != null) { + Session session = manager.findSession(sessionId); + if ((session != null) && session.isValid()) + session.access(); + } + } + + // Select the Wrapper to be used for this Request Wrapper wrapper = (Wrapper) context.map(request, true); if (wrapper == null) { notFound(requestURI, (HttpServletResponse) response.getResponse()); 1.5 +4 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java Index: ManagerBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ManagerBase.java 2001/02/03 20:36:20 1.4 +++ ManagerBase.java 2001/03/14 02:17:22 1.5 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v 1.4 2001/02/03 20:36:20 remm Exp $ - * $Revision: 1.4 $ - * $Date: 2001/02/03 20:36:20 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v 1.5 2001/03/14 02:17:22 craigmcc Exp $ + * $Revision: 1.5 $ + * $Date: 2001/03/14 02:17:22 $ * * ==================================================================== * @@ -86,7 +86,7 @@ * be subclassed to create more sophisticated Manager implementations. * * @author Craig R. McClanahan - * @version $Revision: 1.4 $ $Date: 2001/02/03 20:36:20 $ + * @version $Revision: 1.5 $ $Date: 2001/03/14 02:17:22 $ */ public abstract class ManagerBase implements Manager { 
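Review bot: The comment `// Update the session last access time for our session (if any)` in the `@@ -171,8 +172,19 @@` hunk leaves out the reason this call lives here, which is that `access()` also clears `isNew` (see the StandardSession hunk). I would extend it to `// Touch the session only when the client sent its id back: access() also clears isNew, which would suppress the session cookie`. Note too that the lookup uses the client-supplied `getRequestedSessionId()` and runs before the request is mapped to a wrapper. The PersistentManager hunk shows `findSession` can call `swapIn(id)`, so a request carrying an arbitrary id may now cost a store read; whether that matters depends on the store, which is not shown.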
@@ -547,8 +547,6 @@ return (null); synchronized (sessions) { Session session = (Session) sessions.get(id); - if (session != null) - session.access(); return (session); } 1.2 +4 -6 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java Index: PersistentManager.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- PersistentManager.java 2001/02/03 20:36:21 1.1 +++ PersistentManager.java 2001/03/14 02:17:22 1.2 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v 1.1 2001/02/03 20:36:21 remm Exp $ - * $Revision: 1.1 $ - * $Date: 2001/02/03 20:36:21 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/PersistentManager.java,v 1.2 2001/03/14 02:17:22 craigmcc Exp $ + * $Revision: 1.2 $ + * $Date: 2001/03/14 02:17:22 $ * * ==================================================================== * @@ -106,7 +106,7 @@ * <li>Limit the number of active sessions kept in memory by * swapping less active sessions out to disk.</li> * - * @version $Revision: 1.1 $ + * @version $Revision: 1.2 $ * @author Kief Morris ([EMAIL PROTECTED]) */ @@ -464,8 +464,6 @@ maxIdleBackup >= 0) session = swapIn(id); - if (session != null) - session.access(); return (session); } 1.14 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java Index: StandardSession.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- StandardSession.java 2001/02/06 17:12:26 1.13 +++ StandardSession.java 2001/03/14 02:17:22 1.14 
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v 1.13 2001/02/06 17:12:26 craigmcc Exp $ - * $Revision: 1.13 $ - * $Date: 2001/02/06 17:12:26 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v 1.14 2001/03/14 02:17:22 craigmcc Exp $ + * $Revision: 1.14 $ + * $Date: 2001/03/14 02:17:22 $ * * ==================================================================== * @@ -110,7 +110,7 @@ * @author Craig R. McClanahan * @author Sean Legassick * @author <a href="mailto:[EMAIL PROTECTED]">Jon S. Stevens</a> - * @version $Revision: 1.13 $ $Date: 2001/02/06 17:12:26 $ + * @version $Revision: 1.14 $ $Date: 2001/03/14 02:17:22 $ */ class StandardSession @@ -481,7 +481,7 @@ */ public void access() { - this.isNew = false; + this.isNew = false; this.lastAccessedTime = this.thisAccessedTime; this.thisAccessedTime = System.currentTimeMillis(); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]