craigmcc    01/07/26 12:11:36

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        FormAuthenticator.java
  Log:
  Fix an endless loop that would occur if the <form-error-page> page was
  within the protected area of the web application.  There was already a
  special check to display the login page even if it was protected.
  
  PR: Bugzilla #2806
  Submitted by: Kevin Jones <[EMAIL PROTECTED]>
  
  Revision  Changes    Path
  1.13      +14 -5     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java
  
  Index: FormAuthenticator.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- FormAuthenticator.java    2001/07/25 00:09:34     1.12
  +++ FormAuthenticator.java    2001/07/26 19:11:36     1.13
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
 1.12 2001/07/25 00:09:34 craigmcc Exp $
  - * $Revision: 1.12 $
  - * $Date: 2001/07/25 00:09:34 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java,v
 1.13 2001/07/26 19:11:36 craigmcc Exp $
  + * $Revision: 1.13 $
  + * $Date: 2001/07/26 19:11:36 $
    *
    * ====================================================================
    *
  @@ -88,7 +88,7 @@
    * Authentication, as described in the Servlet API Specification, Version 2.2.
    *
    * @author Craig R. McClanahan
  - * @version $Revision: 1.12 $ $Date: 2001/07/25 00:09:34 $
  + * @version $Revision: 1.13 $ $Date: 2001/07/26 19:11:36 $
    */
   
   public final class FormAuthenticator
  @@ -192,6 +192,16 @@
               return (true);      // Display the login page in the usual manner
           }
   
  +        // Is this a request for the error page itself?  Test here to avoid
  +        // an endless loop (back to the login page) if the error page is
  +        // within the protected area of our security constraint
  +        String errorURI = contextPath + config.getErrorPage();
  +        if (requestURI.equals(errorURI)) {
  +            if (debug >= 1)
  +                log("Requesting error page normally");
  +            return (true);      // Display the error page in the usual manner
  +        }
  +
           // Is this the action request from the login page?
           boolean loginAction =
               requestURI.startsWith(contextPath) &&
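Review bot: The new early return at `if (requestURI.equals(errorURI))` exempts a URI from the login flow, but `errorURI` is built from `config.getErrorPage()` with no null check, so a login configuration without a `<form-error-page>` would compare against `contextPath + "null"`. I would keep the hoisted `errorURI` (the redirect further down still needs it) and guard the test: `if (config.getErrorPage() != null && requestURI.equals(errorURI)) {`. `requestURI` is assigned outside this hunk, so it is not visible here whether it is normalized or still carries path parameters; the exact `equals` fails closed for variants, which is the right direction, and the comment should say so to discourage loosening it to `startsWith`. Since this branch appears to let the error page through without an authenticated principal, the comment could also note `// error page is served unauthenticated; it must not include protected content`. The enclosing method starts and ends outside the hunk.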
  @@ -216,7 +226,6 @@
           String password = hreq.getParameter(Constants.FORM_PASSWORD);
           principal = realm.authenticate(username, password);
           if (principal == null) {
  -            String errorURI = contextPath + config.getErrorPage();
               if (debug >= 1)
                   log("Redirect to error page '" + errorURI + "'");
               hres.sendRedirect(hres.encodeRedirectURL(errorURI));
  
  
  
