craigmcc 01/05/15 18:43:56
Modified: catalina/src/share/org/apache/catalina/authenticator
AuthenticatorBase.java
Log:
Revert the previous change, back to what was 1.13.
Revision Changes Path
1.15 +97 -31
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
Index: AuthenticatorBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- AuthenticatorBase.java 2001/05/16 01:40:00 1.14
+++ AuthenticatorBase.java 2001/05/16 01:43:54 1.15
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.14 2001/05/16 01:40:00 craigmcc Exp $
- * $Revision: 1.14 $
- * $Date: 2001/05/16 01:40:00 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java,v
1.15 2001/05/16 01:43:54 craigmcc Exp $
+ * $Revision: 1.15 $
+ * $Date: 2001/05/16 01:43:54 $
*
* ====================================================================
*
@@ -66,6 +66,8 @@
import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
@@ -119,7 +121,7 @@
* requests. Requests of any other type will simply be passed through.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.14 $ $Date: 2001/05/16 01:40:00 $
+ * @version $Revision: 1.15 $ $Date: 2001/05/16 01:43:54 $
*/
@@ -474,32 +476,41 @@
log(" Subject to constraint " + constraint);
// Enforce any user data constraint for this security constraint
+ if (debug >= 1)
+ log(" Calling checkUserData()");
if (!checkUserData(hrequest, hresponse, constraint)) {
if (debug >= 1)
log(" Failed checkUserData() test");
- ((HttpServletResponse) hresponse.getResponse()).sendError
- (HttpServletResponse.SC_FORBIDDEN,
- ((HttpServletRequest) hrequest.getRequest()).getRequestURI());
- return;
- }
-
- // Authenticate based upon the specified login configuration
- if (!authenticate(hrequest, hresponse, config)) {
- if (debug >= 1)
- log(" Failed authenticate() test");
// ASSERT: Authenticator already set the appropriate
// HTTP status code, so we do not have to do anything special
return;
}
+ // Authenticate based upon the specified login configuration
+ if (constraint.getAuthConstraint()) {
+ if (debug >= 1)
+ log(" Calling authenticate()");
+ if (!authenticate(hrequest, hresponse, config)) {
+ if (debug >= 1)
+ log(" Failed authenticate() test");
+ // ASSERT: Authenticator already set the appropriate
+ // HTTP status code, so we do not have to do anything special
+ return;
+ }
+ }
+
// Perform access control based on the specified role(s)
- if (!accessControl(hrequest, hresponse, constraint)) {
- if (debug >= 1)
- log(" Failed accessControl() test");
- // ASSERT: Access control method has already set the appropriate
- // HTTP status code, so we do not have to do anything special
- return;
- }
+ if (constraint.getAuthConstraint()) {
+ if (debug >= 1)
+ log(" Calling accessControl()");
+ if (!accessControl(hrequest, hresponse, constraint)) {
+ if (debug >= 1)
+ log(" Failed accessControl() test");
+ // ASSERT: AccessControl method has already set the appropriate
+ // HTTP status code, so we do not have to do anything special
+ return;
+ }
+ }
// Any and all specified constraints have been satisfied
if (debug >= 1)
@@ -634,22 +645,77 @@
throws IOException {
// Is there a relevant user data constraint?
- if (constraint == null)
+ if (constraint == null) {
+ if (debug >= 2)
+ log(" No applicable security constraint defined");
return (true);
+ }
String userConstraint = constraint.getUserConstraint();
- if (userConstraint == null)
+ if (userConstraint == null) {
+ if (debug >= 2)
+ log(" No applicable user data constraint defined");
return (true);
- if (userConstraint.equals(Constants.NONE_TRANSPORT))
+ }
+ if (userConstraint.equals(Constants.NONE_TRANSPORT)) {
+ if (debug >= 2)
+ log(" User data constraint has no restrictions");
return (true);
+ }
// Validate the request against the user data constraint
- if (!request.getRequest().isSecure()) {
- ((HttpServletResponse) response.getResponse()).sendError
- (HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.userDataConstraint"));
- return (false);
- }
- return (true);
+ if (request.getRequest().isSecure()) {
+ if (debug >= 2)
+ log(" User data constraint already satisfied");
+ return (true);
+ }
+
+ // Initialize variables we need to determine the appropriate action
+ HttpServletRequest hrequest =
+ (HttpServletRequest) request.getRequest();
+ HttpServletResponse hresponse =
+ (HttpServletResponse) response.getResponse();
+ int redirectPort = request.getConnector().getRedirectPort();
+
+ // Is redirecting disabled?
+ if (redirectPort <= 0) {
+ if (debug >= 2)
+ log(" SSL redirect is disabled");
+ hresponse.sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ hrequest.getRequestURI());
+ return (false);
+ }
+
+ // Redirect to the corresponding SSL port
+ String protocol = "https";
+ String host = hrequest.getServerName();
+ StringBuffer file = new StringBuffer(hrequest.getRequestURI());
+ String requestedSessionId = hrequest.getRequestedSessionId();
+ if ((requestedSessionId != null) &&
+ hrequest.isRequestedSessionIdFromURL()) {
+ file.append(";jsessionid=");
+ file.append(requestedSessionId);
+ }
+ String queryString = hrequest.getQueryString();
+ if (queryString != null) {
+ file.append('?');
+ file.append(queryString);
+ }
+ URL url = null;
+ try {
+ url = new URL(protocol, host, redirectPort, file.toString());
+ if (debug >= 2)
+ log(" Redirecting to " + url.toString());
+ hresponse.sendRedirect(url.toString());
+ return (false);
+ } catch (MalformedURLException e) {
+ if (debug >= 2)
+ log(" Cannot create new URL", e);
+ hresponse.sendError
+ (HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ hrequest.getRequestURI());
+ return (false);
+ }
}
